Who we are

Founded by Katie Moussouris, a noted authority on vulnerability disclosure and bug bounties, Luta Security specializes in sustainable process improvement for handling vulnerabilities. 

Whether coordinating vulnerabilities up and down a supply chain, building a simple vulnerability disclosure program, or launching a bug bounty, Luta Security puts your organization's needs and maturity on a proven path to improved security.

Not everyone needs a bug bounty program, and Luta Security understands the risks and tradeoffs of many different models for learning about vulnerabilities. 

For organizations running bug bounty programs, Luta Security can help you maximize your investment to Bounty Smarter, Not Harder.

Luta Security advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. The UK National Cyber Security Centre has partnered with Luta Security for its first ever vulnerability disclosure pilot programs. 

Our founder's work includes helping the US Department of Defense start the government's first bug bounty program, called "Hack the Pentagon," and advised on the DoD's ongoing vulnerability disclosure program. This was based on years of discussions with DoD officials, following her creation of Microsoft's first bug bounty programs.

Ms. Moussouris is also part of the official US Wassenaar delegation to successfully renegotiate a controversial export control agreement that threatened to interfere with internet defense. Her earlier Microsoft work encompassed industry-leading initiatives such as Microsoft's bug bounty programs and Microsoft Vulnerability Research. 

Ms. Moussouris is also a subject matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market. She is a New America Foundation Fellow and Harvard Belfer Affiliate. Katie is on the CFP review board for RSA, O'Reilly Security Conference, Shakacon, Hack in the Box, and is an adviser to the Center for Democracy and Technology.

No other service provider has the history or depth of experience in creating vulnerability disclosure programs and bug bounties or other unique incentives for some of the most complex organizations in the world than lutasecurity.com

Contact us to learn more.