Repository of articles
News Archive
Security Conversations
Katie Moussouris on where bug bounties went wrong
Ryan Naraine / December 8, 2022
The Washington Post: Cybersecurity 202
For cyber experts, disinformation overshadows cyberthreats in midterms
Tim Starks / October 31, 2022
VICE
This Hacker Is Trying to Close the Gender Pay Gap in Cybersecurity
Chloe Xiang / September 14, 2022
InfoSecurity Magazine
Bug Bounty Botox – Why You Need a Security Process First
Sean Michael Kerner / August 12, 2022
The Register
As Black Hat kicks off, the US government is getting the message on hiring security talent
Iain Thomson / August 10, 2022
Associated Press
Experts: California lacked safeguards for gun owner info
Don Thompson / July 1, 2022
Yahoo! News
Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'
May 10, 2022
CyberScoop
Musk's plans to make Twitter's algorithms public raises disinformation conundrum
Tonya Riley / April 26, 2022
NBC News
Attacking rival, Google says Microsoft’s hold on government security is a problem
Kevin Collier / March 31, 2022
Yahoo! Finance
Russia may be primed to hack America’s infrastructure
Daniel Howley / February 24, 2022
The Washington Post: Cybersecurity 202
Most cyber pros give thumbs down to the EARN IT Act
Joseph Marks / February 23, 2022
The Washington Post: Cybersecurity 202
Senators aren't swayed by Apple's security arguments
Joseph Marks / February 4, 2022
CNN
New DHS Cyber Safety Review Board will investigate major incidents
Geneva Sands and Sean Lyngaas / February 3, 2022
TechCrunch
Carly Page / February 3, 2022
The Washington Post: Cybersecurity 202
Is Russia or China the biggest cyber threat? Experts are split
Joseph Marks / January 20, 2022
The Register
Google says open-source software should be more secure
Thomas Claburn / January 14, 2022
Wired
The FTC Wants Companies to Find Log4j Fast. It Won't Be So Easy
Chris Stokel-Walker / January 10, 2022
Federal News Network
Agencies get Christmas Eve deadline to address ‘extremely concerning’ vulnerability
Justin Doubleday / December 15, 2021
CNN
US government to offer up to $5,000 'bounty' to hackers to identify cyber vulnerabilities
Geneva Sands / December 14, 2021
Wired Magazine
A Log4J Vulnerability Has Set the Internet 'On Fire'
Lily Hay Newman / December 10, 2021
CSO Magazine
NIST workshop provides clues to upcoming software supply chain security guidelines
Cynthia Brumfield / November 23, 2021
StateScoop
Reporter who notified Missouri officials of website flaw did 'nothing out of line,' emails show
Benjamin Freed / October 27, 2021
The Washington Post
The U.S. cyber workforce gap is getting bigger
Cybersecurity 202 / Joseph Marks / October 26, 2021
StateScoop
Missouri governor accuses newspaper of 'hacking' state website
Benjamin Freed / October 14, 2021
The Register
Zero-day hunters seek laws to prevent vendors suing them for helping out and doing their jobs
Simon Sharwood / October 11, 2021
VICE
Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities
Lorenzo Franceschi-Bicchierai / September 27, 2021
Forbes
An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan
Thomas Brewster / September 17, 2021
NBC News
It's not just you: Emergency software patches are on the rise
Kevin Collier / September 14, 2021
Yahoo! News
'Zero-day' hacks, like the one that forced Apple’s emergency update, are on the rise
Kevin Collier / September 14, 2021
TechRadar
Apple's bug bounty program is coming under criticism - here's why
Mayank Sharma / September 10, 2021
Ars Technica
Infosec researchers say Apple’s bug-bounty program needs work
Jim Salter / September 9, 2021
The Washington Post
Apple pays hackers six figures to find bugs in its software. Then it sits on their findings.
Reed Albergotti / September 9, 2021
Decipher
'Drive It Like You Stole It: When Bug Bounties Went Boom, Part Three
Dennis Fisher / September 1, 2021
Decipher
Uprising in the Valley: When Bug Bounties Went Boom, Part Two
Dennis Fisher / August 31, 2021
SC Media
As Fortinet spars with Rapid7, what can everyone else learn about disclosure?
Joe Uchill / August 18, 2021
The Register
Thomas Claburn / August 17, 2021
Sky News
Ministry of Defence makes first ever bounty payments to hackers
Alexander Martin / August 3, 2021
The Washington Post
The Cybersecurity 202: Cyber experts give Biden top marks at six months
Joseph Marks / July 26, 2021
The Register
Iain Thomson / July 15, 2021
Associated Press
Firm hacked to spread ransomware had previous security flaws
Matt O'Brien / July 13, 2021
The Register
AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt
Thomas Claburn / June 25, 2021
SecurityWeek
Cybersecurity Companies Join Forces Against Controversial DMCA
Eduard Kovacs / June 24, 2021
TechSpective Podcast Episode 067
Katie Moussouris: Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms
Tony Bradley / June 21, 2021
Washington Post
Cybersecurity 202: The Biden administration aims big on cybersecurity spending
Joseph Marks / June 1, 2021
SC Media
House bill would require federal contractors to put in place vulnerability disclosure programs
Joe Uchill / June 1, 2021
Yahoo! News
Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'
Korin Miller / May 20, 2021
Yahoo Finance
How to 'be vigilant' and protect your digital assets from getting hacked
Alexis Keenan / April 29, 2021
Washington Post
Tonya Riley / April 26, 2021
The Register
Thomas Claburn / April 21, 2021
The Hill
For US cyber defense, helpful hackers are only half the battle
Katie Moussouris Op-ed / March 17, 2021
CyberScoop
GitHub removes researcher's Exchange Server exploit, sparking industry debate
Sean Lyngaas / March 11, 2021
The Dallas Morning News/Associated Press
Casting a wide intrusion net: Dozens of companies, agencies were burned with a single hack
Frank Bajak / March 8, 2021
The Washington Post
Tonya Riley / February 1, 2021
CBS News
Apple warns of "remote attacker" security threat on iPhone and iPad, releases iOS 14.4 update
Cassidy McDonald / January 27, 2021
SC Magazine
Survey says, women in cyber make 31 percent less than men
Bradley Barth / January 6, 2021
The Washington Post
The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say
Joseph Marks / December 15, 2020
CyberScoop
HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual
Tim Starks / December 14, 2020
Bloomberg Law
U.S. Supreme Court to Weigh Anti-Hacking Law’s Limits on Access
Andrea Vittorio / November 27, 2020
Naked Security – Sophos
S3 Ep8: A conversation with Katie Moussouris [Podcast]
Paul Ducklin / November 25, 2020
Government Technology
How to Make the Most of Your Budding Cybersecurity Career
Cisco / November 12, 2020
PC Mag
Did a Security Researcher Really Access Trump’s Twitter Account?
Michael Kan / October 22, 2020
Threatpost
Grindr's Bug Bounty Pledge Doesn't Translate to Security
Lindsey O’Donnell / October 6, 2020
Threatpost
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Tara Seals / September 11, 2020
Decipher
CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain
Dennis Fisher / September 4, 2020
TechCrunch
Fb to warn third-party developers of vulnerable code
Zack Whittaker & Sarah Perez / September 3, 2020
The Register
Thomas Claburn / September 2, 2020
InfoRiskToday
So You Want to Build a Vulnerability Disclosure Program?
Mathew J. Schwartz / August 20, 2020
The Register
Shaun Nichols / August 4, 2020
TechTarget
Vendors criticize Microsoft for repeated security failings
Alexander Culafi / August 21, 2023
The Washington Post Cybersecurity 202
Cyber experts say regulators aren't going far enough with their rules
Tim Starks / August 17, 2023
The Washington Post Cybersecurity 202
What to make of the acting national cyber director not getting the full-time job
Tim Starks / July 17, 2023
Decipher
Tech Companies Unveil New Hacking Policy Council, Legal Defense Fund for Researchers
Dennis Fisher / April 13, 2023
Cyberscoop
New hacker advocacy group seeks to protect work of security researchers
Tonya Riley / April 13, 2023
SC Media
Derek B. Johnson / April 13, 2023
The Washington Post
Think ransomware gangs won't thrive this year? Think again, experts say
Tim Starks / March 30, 2023
TechTarget
Microsoft SFI progress report elicits cautious optimism
Alexander Culafi / October 3, 2024
LAWFARE
Lawfare Daily: Katie Moussouris on Bug Bounties
Benjamin Wittes, Jen Patja / August 12, 2024
The Register
Samsung boosts bug bounty to a cool million for cracks of the Knox Vault subsystem
Iain Thomson / August 8, 2024
FastCompany
The Biden administration has been trying to improve the U.S.’s cybersecurity—no thanks to Congress
Rob Pegoraro / August 7, 2024
Yahoo!Tech / The New Republic
Why the Tech Industry Refuses to Learn From Disastrous Outages
Rob Pegoraro / July 22, 2024
Wired
The US Government Is Asking Big Tech to Promise Better Cybersecurity
Eric Geller / May 1, 2024
RSA Conference
RSAC 2024 Quick Look: The Good, the Bad, and the Bounty: 10 Years of Buying Bugs at Microsoft
Katie Moussouris / April 17, 2024
Bloomberg
Clorox Audit Revealed Cybersecurity Flaws at Its Plants in 2020
Ryan Gallagher and Leslie Patton / March 26, 2024
Slate
Let Us All Learn Some Lessons From the Writer Who Was Scammed Out of $50K
Scott Nover / February 16, 2024
Fast Company
SIM swapping: the simple way that hackers took over the SEC’s X Account
Scott Nover / January 26, 2024
Security Conversations
Katie Moussouris on building a different cybersecurity businesses
Ryan Naraine / Janurary 19, 2024
The Record
The nature of bug bounty programs is changing, and their ‘auntie’ is worried
Dina Temple-Raston / Janurary 12, 2024
