Katie Moussouris of Microsoft on vulnerability disclosure, ISO standard

Vulnerability disclosure has long been a hot-button security issue, and Katie Moussouris is often on the front lines of the debate for Microsoft in her role as senior security strategist lead for the Microsoft Security Response Center.

Moussouris often works directly with security researchers who find vulnerabilities and bring them to Microsoft’s attention. She’s become a critical figure for Microsoft, not only in outreach and in establishing working relationships with white hat and gray hat hackers, but also internally, helping execute on the Trustworthy Computing initiative with the development of Microsoft’s Exploitability Index and the Microsoft Active Protections Program (MAPP).

In this interview with TechTarget Security Media Group Editorial Director Mike Mimoso, Moussouris talks about her work at Microsoft, the company’s philosophy of coordinated vulnerability disclosure and how it views offensive security research.

They also talk about Microsoft’s vocal support of defensive security research and the BlueHat Prize, to be announced at this year’s Black Hat Briefings. Finally, Moussouris provides an update on the progress being made by the International Standards Organization (ISO) on the development of a vulnerability disclosure standard.
