The Cyberlaw Podcast: The Midnight Basketball of Cybersecurity

Stewart Baker
Tuesday, October 17, 2017, 8:06 PM


Published by The Lawfare Institute in Cooperation With Brookings

This episode features an interview with Mårten Mickos, the CEO of HackerOne. HackerOne administers bug bounty and vulnerability disclosure programs for a host of private companies as well as DOD’s “Hack the Pentagon” program. He explains how such programs work, how companies and agencies typically get started (with “vulnerability disclosure” programs), the legal and other assurances that companies need to provide to ensure participation, and the role that bounty administration firms play – from hacker reputation management to providing a kind of midnight basketball tournament for otherwise at-risk fourteen-year-old boys. (And they are boys, at least 98% of them, an issue we also explore.) Along the way, there’s even unexpected praise for the Justice Department’s Computer Crime Section, which has produced a valuable framework for vulnerability disclosure programs.

As always, The Cyberlaw Podcast is open to feedback. Send your questions and suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.
