Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. This episode Dave and Beau talk with Katie Moussouris of Microsoft about Bug Bounties – rewards Microsoft and other companies provide to security researchers who demonstrate security flaws in their software. Katie makes the case that these improve both Microsoft’s and its customers’ security, as well as help cut costs.
Katie, Dave and Beau geek out a little bit, but bring it back around to why it matters to your revenues and costs. Bug Bounties are financial incentives paid to security researchers for finding bugs in a company’s software. Microsoft famously said they’d never pay researchers for security issues they found, but, using sound business reasoning, Katie was able to get them to see the advantages of launching a bug bounty program. Microsoft recently paid one researcher $100,000 USD for his work and expanded the program in ways that many businesses can take advantage of. Microsoft also launched a Bug Bounty program for the Internet itself, as well as for many of the Open Source Software packages that run much of the Internet’s infrastructure.