Computer security expert
Episode 15 of The Basic Income Show! Our main topic in this episode was the full-on support of UBI by Pope Francis.

Chapters:
00:00 Welcome to The Basic Income Show
00:17 The UBI Advocacy of Pope Francis
23:13 CBC Coverage of a Coalition of Feminist Orgs for UBI
34:21 Theo Von and Mike Rowe Discuss UBI
1:00:30 Oakland Resilient Families Fund Results
1:20:15 Madison Forward Fund Results
1:25:22 Returning Citizens Stimulus Program Results
1:28:42 Concluding Remarks

AI Summary:
In this episode, the hosts discuss the significant endorsement of Universal Basic Income (UBI) by Pope Francis, exploring its implications for social justice and community empowerment. They delve into the Pope's consistent advocacy for UBI, the importance of language in advocacy, and the impact of UBI on employment, education, and recidivism. The conversation also touches on the intersection of automation and work, the role of unpaid labor, and the necessity of community engagement in promoting UBI. Through various pilot programs, the hosts highlight the positive outcomes associated with UBI, emphasizing its potential to transform lives and communities.

Theo Von and Mike Rowe: https://www.youtube.com/watch?v=ryokmO9MeBw

-
See my ongoing compilation of UBI evidence on Bluesky: https://bsky.app/profile/scottsantens.com/post/3lckzcleo7s24
See my ongoing compilation of UBI evidence on X: https://x.com/scottsantens/status/1766213155967955332
For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq
Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org
Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe
Visit Basic Income Today for daily UBI news: https://basicincometoday.com
Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us

-
Follow Scott: https://linktr.ee/scottsantens
Follow Conrad: https://bsky.app/profile/theubiguy.bsky.social https://www.linkedin.com/in/conradshaw/
Follow Josh: https://bsky.app/profile/misterjworth.bsky.social https://www.linkedin.com/in/joshworth/

-
Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, A.W.R., Daryl Smith, Larry Cohen, John Steinberger, Philip Rosedale, Liya Brook, Frederick Weber, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Steve Roth, Miki Phagan, Walter Schaerer, Elizabeth Corker, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun, Felix Ling, S, Jocelyn Hockings, Mark Donovan, Jason Clark, Chuck Cordes, Mark Broadgate, Leslie Kausch, Braden Ferrin, Juro Antal, Austin, Deanna McHugh, Stephen Castro-Starkey, Nikolaus Rath, and all my other patrons for their support.

If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level or above.
Patreon: https://www.patreon.com/scottsantens/membership

#UniversalBasicIncome #BasicIncome #UBI
Episode 14 of The Basic Income Show! We cover the results of Germany's unconditional basic income (UBI) pilot!

Chapters:
00:00 Welcome to The Basic Income Show
00:21 Background to Germany's 3-year UBI Pilot
09:45 Effects of UBI on Employment and Labor
24:09 Effects of UBI on Mental Health and Wellbeing
40:11 Effects of UBI on Financial Stability and Behavior
1:00:38 Effects of UBI on Socializing and Community Participation
1:09:02 Potential Impact of UBI Pilot Results on German Politics
1:17:01 That Tumblr Post About Not Even Trying for UBI
1:24:36 Jeff Atwood is Putting $50M into Rural UBI Pilots
1:28:15 Lawsuit in California Against Racially Targeted Cash Programs
1:30:58 NYC Mayoral Candidate Pitches Largest UBI Pilot Yet
1:33:12 Rashida Tlaib Introduces Bill for Cash for Homeless Young Adults
1:35:53 Cook County Guaranteed Basic Income Pilot Results
1:39:38 Tennessee General Assembly Considering Statewide UBI Bill
1:42:48 Elon Musk's Daughter Vivian's Support for UBI as a Human Right
1:48:50 Concluding Remarks

Summary:
In this episode of the Basic Income Show we discuss the results of Germany's big 3-year 1,200 euro a month basic income experiment, which includes its effects on employment, mental health, financial stability, and social involvement. The study, which focused on younger adults age 21 to 40, revealed significant improvements in job satisfaction, career mobility, and overall well-being among participants. It also highlighted the positive impact of basic income on financial behavior, with recipients saving more and demonstrating increased generosity. The discussion emphasizes the importance of financial security in fostering personal growth and community engagement. The discussion then moves on to other recent news including Jeff Atwood pledging $50 million of his wealth for three big rural basic income pilots.

German UBI pilot findings with charts: https://www.pilotprojekt-grundeinkommen.de/en

-
See my ongoing compilation of UBI evidence on Bluesky: https://bsky.app/profile/scottsantens.com/post/3lckzcleo7s24
See my ongoing compilation of UBI evidence on X: https://x.com/scottsantens/status/1766213155967955332
For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq
Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org
Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe
Visit Basic Income Today for daily UBI news: https://basicincometoday.com
Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us

-
Follow Scott: https://linktr.ee/scottsantens
Follow Conrad: https://bsky.app/profile/theubiguy.bsky.social https://www.linkedin.com/in/conradshaw/
Follow Josh: https://bsky.app/profile/misterjworth.bsky.social https://www.linkedin.com/in/joshworth/

-
Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Steve Roth, Miki Phagan, Walter Schaerer, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun, S, Jocelyn Hockings, Mark Donovan, Jason Clark, Chuck Cordes, Mark Broadgate, Leslie Kausch, Braden Ferrin, Juro Antal, Austin Begin, Deanna McHugh, Stephen Castro-Starkey, Nikolaus Rath, and all my other patrons for their support.

If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level or above.
Patreon: https://www.patreon.com/scottsantens/membership
In this episode of Cybersecurity Today, hosted by Jim Love, the show salutes Katie Moussouris of Luta Security for her courage in speaking truth to power. The episode covers various significant news in the cybersecurity world: the explosion of identity theft in Canada's tax system, Prodaft's strategic purchase of hacker forum accounts for intelligence, Google's new security feature for Android devices, Hertz's data breach due to a vendor hack, and a US attorney's allegations against a UK intelligence firm for orchestrating a hack-for-hire scheme. Additionally, the episode discusses the troubling political ramifications following President Trump's revocation of security clearance from Chris Krebs, former CISA director, and the subsequent investigation, highlighting the importance of protecting free speech and integrity within the cybersecurity profession.

00:00 Introduction and Salute to Katie Moussouris
00:44 Identity Theft Nightmare in Canada
03:20 Prodaft's Innovative Cybercrime Monitoring
05:22 Google's New Android Security Feature
07:08 Hertz Data Breach and Legal Implications
09:22 Controversial Hack-for-Hire Allegations
11:26 Conclusion and Final Thoughts
11:36 Speaking Truth to Power: The Case of Chris Krebs
Episode 10 of The Basic Income Show! With the UK looking to invest heavily into AI, and Canada potentially electing a new leader worried about AI impacts, is UBI's window opening?

Chapters:
00:00 Welcome to The Basic Income Show
01:14 The Los Angeles Fires
14:25 Comingle as Disaster Aid
29:48 Compton Guaranteed Basic Income Pilot Misinformation
38:05 Bad UBI Take by Tony Robbins and Chris Williamson
43:19 The Physics of Boot Straps
48:06 UK to Inject AI into its Veins
1:01:33 Mark Carney Discussing AI and UBI?
1:14:11 Former Mayor of Oakland's Op-ed About Trump and UBI
1:21:50 41% of Employers to Reduce Staff by 2030
1:28:18 Robots to Work for $1/hr by 2035
1:31:20 John Deere Robot Lawnmowers
1:33:38 Sam Altman Says AI Agents Will Arrive This Year
1:35:15 Evidence for UBI as a Treatment for Tuberculosis
1:47:20 Concluding Remarks

Summary:
This episode starts with discussion of the L.A. fires because Josh lives in Los Angeles and because UBI would do so much to help, and Comingle will soon help as a new method of disaster aid. From there we get into some of the disinformation about the results of the Compton Guaranteed Basic Income Pilot. No, it didn't lead to increased menthol cigarette smoking and soda drinking. From there we go into how the UK is looking to go hard on AI with no mention of UBI, and how the race for a new leader of the Liberal Party in Canada has uplifted Mark Carney, who has been talking a lot about the negative impacts of AI and the need for strong social supports like UBI. We continue our discussion with more recent automation headlines and end with a fascinating new study that highlights how impactful UBI will be for health by reducing diseases of poverty like tuberculosis.

-
See my ongoing compilation of UBI evidence on Bluesky: https://bsky.app/profile/scottsantens.com/post/3lckzcleo7s24
See my ongoing compilation of UBI evidence on X: https://x.com/scottsantens/status/1766213155967955332
For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq
Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org
Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe
Visit Basic Income Today for daily UBI news: https://basicincometoday.com
Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us

-
Follow Scott: https://linktr.ee/scottsantens
Follow Conrad: https://bsky.app/profile/theubiguy.bsky.social https://www.linkedin.com/in/conradshaw/
Follow Josh: https://bsky.app/profile/misterjworth.bsky.social https://www.linkedin.com/in/joshworth/

-
Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun, Christopher Wroth, S, Jocelyn Hockings, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Mark Broadgate, Leslie Kausch, Braden Ferrin, Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, Laura Ashby, and all my other patrons for their support.

If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level.
Patreon: https://www.patreon.com/scottsantens/membership
Episode 9 of The Basic Income Show! Suddenly it was drones, drones, drones, and just as suddenly it's all gone. Let's talk about how conspiracies are fueled by economic anxiety.

Chapters:
00:00 Welcome to The Basic Income Show
02:05 Drone Hysteria and How UBI Can Reduce Conspiracy Beliefs
17:47 The Onion's Joke About Treating Welfare Recipients Like Dogs
21:53 Not Having Enough Versus Worrying About Not Having Enough
36:22 Real Stories From Basic Income Pilot Participants
59:58 Results from the Compton Basic Income Pilot
1:20:17 The Story Behind the Stop Hiring Humans Billboards in SF
1:27:13 A Rich Senate Candidate is Running on UBI in the Philippines
1:28:06 Will Bangladesh Test UBI in a Big Way?
1:29:39 Biden Wishes He Put His Name on the Stimulus Checks
1:30:18 New Yorkers May Get Inflation Rebate Stimulus Checks
1:33:28 Ken Paxton Stops Harris County Pilot AGAIN
1:36:23 OxFam America Supports Basic Income
1:39:12 Spokane May Do a Land Value Tax Experiment
1:44:29 Concluding Remarks

Key Takeaways:
Basic income can alleviate financial stress and cognitive load
Conspiracy theories often arise from a lack of cognitive capacity
Economic policies like UBI can counteract harmful belief traps
Welfare systems can be paternalistic and burdensome
Real-life stories illustrate the positive impact of basic income
Cognitive resources are finite and can be depleted by financial worries
The unspoken societal stressor is the constant need for money
UBI provides individuals with the freedom to make choices that matter
Cash assistance is more impactful than restrictive welfare programs
Addressing financial insecurity can lead to better societal outcomes
Cash transfers can aid in addiction recovery
Universal programs like RX Kids show significant benefits
Frequency of cash transfers impacts their effectiveness
Basic income can reduce domestic violence rates
Long-term effects of UBI can transform family dynamics
AI marketing strategies can provoke necessary discussions about UBI
Oxfam advocates for guaranteed basic income as a solution to poverty
Land value tax could fund universal basic income initiatives

-
See my ongoing compilation of UBI evidence on Bluesky: https://bsky.app/profile/scottsantens.com/post/3lckzcleo7s24
See my ongoing compilation of UBI evidence on X: https://x.com/scottsantens/status/1766213155967955332
For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq
Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org
Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe
Visit Basic Income Today for daily UBI news: https://basicincometoday.com

Follow Scott: https://linktr.ee/scottsantens
Follow Conrad: https://bsky.app/profile/theubiguy.bsky.social
Follow Josh: https://bsky.app/profile/misterjworth.bsky.social

-
Special thanks to: Gisele Huff, Gerald Huff Fund for Humanity, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun, Christopher Wroth, S, Jocelyn Hockings, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Mark Broadgate, Leslie Kausch, Braden Ferrin, Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, Laura Ashby, and all my other funders for their support.

If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level.
Patreon: https://www.patreon.com/scottsantens/membership
Episode 6 of The Basic Income Show! In this episode, Scott Santens, Conrad Shaw, and Josh Worth discuss recent developments in the world of Universal Basic Income (UBI). They celebrate ITSA Foundation's successful fundraising for key projects, explore the implications of Nobel Prize winners supporting UBI, and delve into the ongoing debate surrounding Oregon's proposed UBI measure. They discuss various aspects of Universal Basic Income (UBI), including public support, political influences, and recent developments in different regions. They explore the challenges of finding consensus on UBI, the impact of political decisions on public opinion, and the implications of recent polling data from the UK. The conversation also covers the cancellation of the Ontario basic income pilot, election strategies involving cash rebates, and the significance of attack ads in shaping perceptions. Additionally, they delve into the affordability of UBI, recent initiatives in Guyana, and Germany's upcoming UBI experiment. In this conversation, the speakers discuss the viability and implications of basic income, particularly in resource-poor areas. They explore the concept of money scarcity, the benefits of child allowances, and the Marica program in Brazil as a case study for local currency implementation. The conversation also addresses misconceptions about employment impacts of basic income, the empowerment it provides to workers, and the broader health and well-being benefits observed in UBI programs. New evidence from the Democratic Republic of the Congo further supports the positive socioeconomic changes associated with basic income. - Want more UBI data? 
See my ongoing compilation of UBI evidence on Twitter: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe Visit Basic Income Today for daily UBI news: https://basicincometoday.com Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us - Follow Scott: https://twitter.com/scottsantens https://www.facebook.com/scottsantens https://linktr.ee/scottsantens Follow Conrad: https://twitter.com/theUBIguy https://www.facebook.com/conrad.yaney https://www.linkedin.com/in/conradshaw/ Follow Josh: https://twitter.com/misterjworth https://www.linkedin.com/in/joshworth/ - Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Braden Ferrin , Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Justin Seifert, Rosa Tran, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, Laura Ashby, and all my other funders for their 
support. If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Ep 5 of The Basic Income Show! We watch Conrad's interview with John Stossel and listen to an AI podcast about my book Let There Be Money. Also fresh evidence from the Finland Basic Income pilot and more! In this episode of the Basic Income Show, Scott Santens, Josh Worth, and Conrad Shaw discuss the implications of Universal Basic Income (UBI) in the context of recent disasters, economic stability, and media representation. They explore how UBI can provide immediate support during crises, the economic arguments for preventative measures, and the misconceptions surrounding work incentives related to UBI. The hosts critique the media's portrayal of UBI by watching John Stossel's interview of Conrad and emphasize the importance of context in understanding economic studies. They also discuss the studied effects of Finland's basic income pilot on voter turnout and the importance of inherent human value in economic systems. The conversation also touches on the role of AI in society and the need for trust in government to foster a healthy democracy. They conclude by examining the relationship between inflation and basic income, emphasizing the need for a supportive economic environment. Videos watched: https://www.youtube.com/watch?v=cIpGOIc80C4 https://www.youtube.com/watch?v=aEUTR_YeweQ Citations: https://onlinelibrary.wiley.com/doi/pdf/10.1111/ajps.12915https://finance.yahoo.com/news/over-one-dozen-guaranteed-income-170300695.html http://ebrary.ifpri.org/utils/getfile/collection/p15738coll2/id/133270/filename/133484.pdf https://www.mckinsey.com/industries/social-sector/our-insights/an-experiment-to-inform-universal-basic-income https://www.cbpp.org/research/family-income-support/chart-book-tanf-at-20 - Want more UBI data? 
See my ongoing compilation of UBI evidence on Twitter: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe Visit Basic Income Today for daily UBI news: https://basicincometoday.com Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us Follow Scott: https://twitter.com/scottsantens https://www.facebook.com/scottsantens https://linktr.ee/scottsantens Follow Conrad: https://twitter.com/theUBIguy https://www.facebook.com/conrad.yaney https://www.linkedin.com/in/conradshaw/ Follow Josh: https://twitter.com/misterjworth https://www.linkedin.com/in/joshworth/ - Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Braden Ferrin, Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, Laura Ashby, and all my other funders 
for their support. If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Episode 4 of The Basic Income Show! Let's talk about the basic income that Dolly Parton mobilized in response to a disaster in Tennessee. We also debunk all the misinformation in an anti-UBI PragerU video. Summary: In this episode of the Basic Income Show, Scott Santens, Conrad Shaw, and Josh Worth discuss the current state of basic income initiatives, particularly in light of recent events such as Hurricane Helene. We explore the future role of Comingle in providing direct cash assistance during disasters, the challenges faced by traditional disaster relief systems, and the importance of cash in recovery efforts as shown by Dolly Parton's basic income response to Tennessee wildfires. Our conversation also delves into the broader implications of universal basic income (UBI), addressing misconceptions as spread by a PragerU video, and highlighting its potential economic benefits. We emphasize the need for a shift in perspective regarding poverty and disaster relief, advocating for a more proactive approach to supporting individuals in need. We delve into the complexities of Universal Basic Income (UBI), discussing its potential costs, benefits, and the various funding mechanisms that could support it. We also explore the dignity of work, the implications of automation on employment by way of the strike by dockworkers, and the fundamental human drive for purpose and greatness. Watched videos: https://www.youtube.com/watch?v=kInUGW4H3Jc https://www.youtube.com/watch?v=XGPjtRZj5DA ----- Want more UBI data? 
See my ongoing compilation of UBI evidence on X: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe Visit Basic Income Today for daily UBI news: https://basicincometoday.com Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us For previous audio-only discussions between Conrad, Josh, and I, and the occasional guest, check out the ITSA Live! playlist on Comingle's channel: https://www.youtube.com/watch?v=17-rRsLr_X4&list=PLrF7vwddTTzTWpvVvsCwrmwlg5k_v2zpV&pp=iAQB Follow Scott: https://twitter.com/scottsantens https://www.facebook.com/scottsantens https://linktr.ee/scottsantens Follow Conrad: https://twitter.com/theUBIguy https://www.facebook.com/conrad.yaney https://www.linkedin.com/in/conradshaw/ Follow Josh: https://twitter.com/misterjworth https://www.linkedin.com/in/joshworth/ - Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, Mgmguy, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun, Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Braden Ferrin, Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, bradzone, 
John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim, Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, Laura Ashby, and all my other funders for their support. If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Episode 3 of The Basic Income Show! Canada considers basic income legislation and Bret Weinstein talks nonsense about UBI... Also an experiment that suggests UBI leads to more meritocratic outcomes! In this episode of the Basic Income Show, we discuss the recent developments surrounding basic income legislation in Canada, specifically Bill C-223. We delve into the details of the bill, its implications for a guaranteed livable basic income, and the misinformation surrounding the concept. The conversation also touches on the political landscape in Canada, the role of research in shaping policy, and the challenges and opportunities that lie ahead for basic income initiatives. In this conversation, we discuss the challenges faced by non-college educated individuals in achieving the American dream, the rising deaths of despair among this demographic, and the implications of educational polarization as we debunk an interview with Bret Weinstein. We explore the case for Universal Basic Income (UBI) as a solution to economic inequality and disillusionment with capitalism, emphasizing the importance of providing a safety floor for all individuals. The conversation also touches on the role of inheritance in perpetuating inequality and presents a meritocracy experiment that highlights the impact of luck versus talent in achieving success. Finally, we discuss the Pope's recent support for UBI, framing it as a moral imperative in the face of automation and economic challenges. ----- Want more UBI data? 
See my ongoing compilation of UBI evidence on Twitter: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq Donate to the Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org Subscribe to the ITSA Newsletter for monthly UBI news: https://itsanewsletter.beehiiv.com/subscribe Visit Basic Income Today for daily UBI news: https://basicincometoday.com Sign up for the Comingle waitlist for voluntary UBI: https://www.comingle.us ----- Follow Scott: https://twitter.com/scottsantens https://linktr.ee/scottsantens ----- Follow Conrad: https://twitter.com/theUBIguy https://www.facebook.com/conrad.yaney https://www.linkedin.com/in/conradshaw/ ----- Follow Josh: https://twitter.com/misterjworth https://www.linkedin.com/in/joshworth/ ----- Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, ace bailey, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Braden Ferrin , Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, Laura Ashby, and all my other funders for their 
support. If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Episode 2 of The Basic Income Show In this conversation, Scott Santens, Conrad Shaw, and Josh Worth discuss the implications of basic income through recent pilot programs like Sam Altman's three-year experiment and Denver's Basic Income Pilot Project, analyzing the results and addressing common misconceptions. They highlight the importance of understanding the nuanced effects of basic income on employment, caregiving, and overall well-being. Personal stories from recipients illustrate the transformative potential of basic income, while critiques of misleading narratives exemplified by a recent Coin Bureau video emphasize the need for a more informed public discourse. The conversation concludes with a call to action for future initiatives and community involvement in basic income projects. Here are the two videos we watched: https://www.youtube.com/watch?v=yXDq5ypJru8 https://www.youtube.com/watch?v=-HLNh77k0cc List of cited sources: https://www.scottsantens.com/did-sam-altman-basic-income-experiment-succeed-or-fail-ubi/ https://www.mdpi.com/2071-1050/12/22/9459 https://aibm.org/research/the-state-of-working-class-men/ https://www.sciencedirect.com/science/article/abs/pii/S0749379724002915 https://www.covidmoneytracker.org/ https://www.frbsf.org/research-and-insights/publications/economic-letter/2022/03/why-is-us-inflation-higher-than-in-other-countries/ https://www.tandfonline.com/doi/full/10.1080/05775132.2023.2278348 https://www.journals.uchicago.edu/doi/abs/10.1086/689575 Want more data? 
See my ongoing compilation of UBI evidence on Twitter: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq Donate to the Income To Support All Foundation to support UBI projects:https://www.itsafoundation.org/ Subscribe to the ITSA Newsletter for UBI news:https://itsanewsletter.beehiiv.com/subscribe Sign up for the Comingle waitlist for voluntary UBI:https://www.comingle.us/ -----Follow Scott: Twitter (X): https://twitter.com/scottsantens Facebook: https://www.facebook.com/scottsantens Everywhere else: https://linktr.ee/scottsantens -----Follow Conrad: https://x.com/theUBIguy https://www.facebook.com/conrad.yaney https://www.linkedin.com/in/conradshaw -----Follow Josh: https://x.com/misterjworth https://www.linkedin.com/in/joshworth/ ----- Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, ace bailey, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Braden Ferrin , Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, Laura Ashby, and all my other funders for their support. 
If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. https://www.patreon.com/scottsantens/membership --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
The inaugural episode of The Basic Income Show! For previous audio-only discussions between Conrad, Josh, and me, and the occasional special guest, check out the ITSA Live! playlist on Comingle's YouTube channel: https://www.youtube.com/watch?v=17-rRsLr_X4&list=PLrF7vwddTTzTWpvVvsCwrmwlg5k_v2zpV Like data? See my ongoing compilation of UBI evidence on Twitter/X: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq Donate to the non-profit Income To Support All Foundation to support UBI projects: https://www.itsafoundation.org/ Subscribe to the ITSA Newsletter: https://itsanewsletter.beehiiv.com/subscribe Sign up for the Comingle waitlist: https://www.comingle.us/ ----- 00:00:00 Intro 00:01:24 Theme Song 00:01:57 AI music 00:04:35 Universal Basic Guys 00:34:53 UK Winter Fuel Payments debate 00:57:09 Child Tax Credit arms race 01:17:25 US Sovereign Wealth Fund 01:37:10 Comingle 01:41:06 Wrap-up ----- Follow Scott on: Twitter (X): https://twitter.com/scottsantens Facebook: https://www.facebook.com/scottsantens Twitch: https://www.twitch.tv/scottsantens Instagram: https://www.instagram.com/scottsantens Reddit: https://www.reddit.com/r/ScottSantens Bluesky: https://bsky.app/profile/scottsantens.com Threads: https://www.threads.net/@scottsantens LinkedIn: https://www.linkedin.com/in/scottsantens/ ----- Follow Conrad: https://x.com/theUBIguy https://www.facebook.com/conrad.yaney https://www.linkedin.com/in/conradshaw/ ----- Follow Josh: https://x.com/misterjworth https://www.linkedin.com/in/joshworth/ ----- Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Jessica Chew, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, ace 
bailey, Daragh Ward, Albert Wenger, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Braden Ferrin , Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, Laura Ashby, and all my other funders for their support. If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
As a leading expert on the topic of unconditional/universal basic income (UBI), a subject area I've been focused on now since 2013, I'm constantly trying to correct misunderstandings and debunk misinformation/disinformation spread about the concept and the evidence behind it. The results of another big test of basic income were released in July 2024 and there are a lot of poorly informed summaries and opinions out there about it. As someone who has actually read the results released so far (there's still more coming) as well as the results from over a hundred other studies of basic income and unconditional cash transfers in general, here is my distillation of the findings and the important nuances of those findings in the context of the pilot itself, and in the larger context of other pilot results. Thank you for taking the time to watch this, giving it a like, and sharing it with others. Twitter thread pilot summary: https://x.com/scottsantens/status/1819389126954610699 Article url: https://www.scottsantens.com/did-sam-altman-basic-income-experiment-succeed-or-fail-ubi/ My ongoing compilation of UBI evidence on Twitter: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq 00:00 Intro 00:59 Beginning 04:28 The Context 07:20 Employment effects 13:39 Entrepreneurship effects 15:23 Job search effects 16:21 Not a saturation pilot 18:36 Job quality effects 19:53 Geographic mobility effects 20:51 Less abuse of drugs and alcohol 21:47 Health effects 22:47 Spending behavior 24:46 Lila's story 27:01 Future basic income studies 28:58 Conclusion 32:41 Patreon credits ----- Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Keith Smith, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan 
Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, ace bailey, Daragh Ward, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Christopher Wroth, S, Jocelyn Hockings, Kara Gillies, Faith Stanhope, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Jessica Chew, Braden Ferrin , Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Zachary Weaver, Jodi Sarda, Rosa Tran, Ryan Ash-Miller, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Eric Skiff, Thomas Welsh, and all my other funders for their support. If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership ----- Follow me on: Twitter (X): https://twitter.com/scottsantens Facebook: https://www.facebook.com/scottsantens Instagram: https://www.instagram.com/scottsantens Reddit: https://www.reddit.com/r/ScottSantens Spotify: https://podcasters.spotify.com/pod/show/scottsantens Apple Podcasts: https://itunes.apple.com/us/podcast/the-scott-santens-ubi-enterprise/id1443672122 --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Lawfare Editor-in-Chief Benjamin Wittes sits down with Katie Moussouris of Luta Security to talk bug bounties. Where do they come from? What is their proper role in cybersecurity? What are they good for, and most importantly, what are they not good for? Moussouris was among the hackers who first did bug bounties at scale—for Microsoft, and then for the Pentagon. Now she helps companies set up bug bounty programs and is dismayed by how they are being used. To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials. Support this show: http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Bryan and Adam were joined by security expert Katie Moussouris to discuss the largest global IT outage in history. It was an event as broadly impactful as it will be instructive; as Bryan noted, you can see all of computing from here, from crash dumps to antitrust. In addition to Bryan Cantrill and Adam Leventhal, we were joined by special guest Katie Moussouris. PRs needed! If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!
This discussion took place in a Twitter (X) Space on April 3, 2024. I was joined by land value tax expert Stephen Hoskins, along with my co-hosts Conrad Shaw and Josh Worth, to discuss land value taxes and why they make so much sense to be paired with universal basic income. Listen to all ITSA Live episodes: https://www.youtube.com/playlist?list=PLrF7vwddTTzTWpvVvsCwrmwlg5k_v2zpV For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support my work through Patreon: https://patreon.com/scottsantens Thank you to all my UBI Producer tier supporters: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, ace bailey, Daragh Ward, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Miki Phagan, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun, Kara Gillies, Lyn Newman, Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Jessica Chew, Braden Ferrin, Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Pavel S, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, Ryan Ash-Miller, bradzone, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, engageSimply - Judy Shapiro, Tim, Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Nicolas Pouillard, Walter Schaerer, Loren Sickles, Eric Skiff, Thomas Welsh, Kai Wong, and Laura Ashby, and all my other monthly supporters on Patreon too. --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Much discussion has been had around basic income as a policy response to automation and as a result, over 150 pilot experiments have been launched in cities across the US to study it. Now in response to the successful results beginning to come out from those pilots, some states are beginning to ban the experiments from happening. One lobbying group in particular is behind these efforts to stop UBI, and its biggest funder is a billionaire most people have never even heard of. Read my article: https://www.scottsantens.com/billionaire-fueled-lobbying-group-behind-the-state-bills-to-ban-universal-basic-income-experiments-ubi/ My ongoing compilation of UBI evidence on Twitter: https://twitter.com/scottsantens/status/1766213155967955332 For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq ----- Special thanks to: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Judith Bliss, Lowell Aronoff, Katie Moussouris, David Ruark, Tricia Garrett, Zack Sargent, A.W.R., Daryl Smith, Larry Cohen, Fabian Kehrer, Philip Rosedale, Liya Brook, Frederick Weber, John Steinberger, Bridget I Flynn, Laurel gillespie, Dylan J Hirsch-Shell, Tom Cooper, Robert Collins, Joanna Zarach, ace bailey, Daragh Ward, Andrew Yang, Peter T Knight, Michael Finney, David Ihnen, Gerald Huff, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Arjun , Mark Donovan, Capitalists for Shared Income, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Broadgate, Leslie Kausch, Jessica Chew, Braden Ferrin , Juro Antal, Austin Begin, Deanna McHugh, Nikolaus Rath, chris heinz, Pavel S, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, Ryan Ash-Miller, miki, bradzone, Lee Lor, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, engageSimply - Judy Shapiro, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Walter Schaerer, Loren Sickles, Eric Skiff, Thomas Welsh, Kai Wong, and Laura Ashby, and all my other funders for their support. 
If you'd like to see your name here in future video descriptions, you can do so by becoming a patron on Patreon at the UBI Producer level. Patreon: https://www.patreon.com/scottsantens/membership ----- Follow me on: Twitter: https://twitter.com/scottsantens Facebook: https://www.facebook.com/scottsantens Instagram: https://www.instagram.com/scottsantens Reddit: https://www.reddit.com/r/ScottSantens Spotify: https://podcasters.spotify.com/pod/show/scottsantens Apple Podcasts: https://itunes.apple.com/us/podcast/the-scott-santens-ubi-enterprise/id1443672122 --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Katie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. government, including the new CISA Cyber Safety Review Board (CSRB). In this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.
This discussion took place in a Twitter (X) Space on September 6, 2023. I was joined by the co-founders of Comingle - Conrad Shaw and Josh Worth - to discuss the project and universal basic income in general. Comingle is an app being developed to create a small basic income floor for all members. All members will pledge an equal percentage of their income and in return all receive an equal basic income floor of around $50 a week. Help crowdfund Comingle's development: https://www.indiegogo.com/projects/comingle Visit Comingle's website: https://www.comingle.us/ Comingle on Reddit: https://www.reddit.com/r/Comingle/ For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support these podcasts through Anchor or Patreon: https://patreon.com/scottsantens Thank you to all my Podcast Executive Producer supporters: Gerald Huff Fund for Humanity, Haroon Mokhtarzada, Matthew Cheney, Katie Moussouris, Tricia Garrett, Zack Sargent, David Ruark, Larry Cohen, Fabian Kehrer, Liya Brook, John Steinberger, Laurel gillespie, Dylan J Hirsch-Shell, Tom Cooper, Judith Bliss, Robert Collins, Daryl Smith, Joanna Zarach, ace bailey, Daragh Ward, Andrew Yang, Bridget I Flynn, Peter T Knight, David Ihnen, Michael Finney, Elizabeth Corker, Gerald Huff, Albert Daniel Brockman, Natalie Foster, Joe Ballou, Chris Rauchle, Arjun , Bram Zeigler, Jason Clark, Chuck Cordes, Thomas Fitzsimmons, Mark Borrington, Leslie Kausch, Jessica Chew, Braden Ferrin , Deanna McHugh, chris heinz, Pavel S, Zachary Weaver, Justin Seifert, Jodi Sarda, Rosa Tran, Ryan Ash-Miller, miki, bradzone, Lee Lor, Akber Khan, John Sullivan, Team TJ, Yang Deng, Yan Xie, Marie janicke, engageSimply - Judy Shapiro, Garry Turner, Tim , Warren J Polk, Jeffrey Emmett, Stephen Castro-Starkey, Kev Roberts, Walter Schaerer, Loren Sickles, anti666, Eric Skiff, Thomas Welsh, Kai Wong, Laura Ashby, and all my other monthly supporters on Patreon too. 
--- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
This is the audio of a speech I gave in July 2023 as the closing keynote for England's Basic Income North 2023 Conference. Video available too: https://youtu.be/U2XbrVQZLnI For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support these podcasts through Anchor or Patreon: https://patreon.com/scottsantens Thank you to all my Podcast Executive Producer supporters: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Matthew Cheney, Camilo Riviere, Katie Moussouris, Tricia Garrett, Zack Sargent, David Ruark, Larry Cohen, Liya Brook, Frederick Weber, John Steinberger, Laurel Gillespie, Dylan J Hirsch-Shell, Tom Cooper, Michael Tinker, Judith Bliss, Robert Collins, Daryl Smith, Joanna Zarach, ace bailey, Daragh Ward, Albert Wenger, Bridget I Flynn, Peter T Knight, David Ihnen, Laura Ashby, and all my other monthly supporters on Patreon too. --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
Today, James and Marc are thrilled to welcome Katie Moussouris, the founder and CEO of Luta Security. Prepare yourself for an extraordinary conversation on bug bounty programs, the intricacies of vulnerability disclosures, and the influence of regulations and governance within cybersecurity. Katie also shares some amazing stories, including her swift response to a teardrop attack during her tenure at the Human Genome Project and her ingenious two-cell-phone hack of the well-known social audio app, "Clubhouse."
This episode is a reading of my article, "A.I. Will Not Displace Everyone, Everywhere, All at Once. It Will Rapidly Transform the Labor Market, Exacerbating Inequality, Insecurity, and Poverty." Link to read and share the article: https://www.scottsantens.com/ai-will-rapidly-transform-the-labor-market-exacerbating-inequality-insecurity-and-poverty/ For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support these podcasts through Anchor or Patreon: https://patreon.com/scottsantens Thank you to all my Podcast Executive Producer supporters: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Matthew Cheney, Camilo Riviere, Katie Moussouris, Tricia Garrett, Zack Sargent, David Ruark, Larry Cohen, Liya Brook, Frederick Weber, John Steinberger, Laurel Gillespie, Dylan J Hirsch-Shell, Tom Cooper, Michael Tinker, Judith Bliss, Robert Collins, Daryl Smith, Joanna Zarach, ace bailey, Daragh Ward, Albert Wenger, Bridget I Flynn, Peter T Knight, David Ihnen, Max Henrion, Elizabeth Corker, Gray Scott, Gerald Huff, Albert Daniel Brockman, Michael Honey, Natalie Foster, Joe Ballou, Chris Rauchle, Arjun, Laura Ashby, and all my other monthly supporters on Patreon too. --- Support this podcast: https://podcasters.spotify.com/pod/show/scottsantens/support
A lifelong hacker, Katie Moussouris's reputation is legion in cybersecurity. She was the pioneering creator of Microsoft's bug bounty program, as chronicled in Nicole Perlroth's bestseller, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. She helped the Department of Defense create its first bug bounty program, and previously served as Chief Policy Officer at HackerOne. In this episode, this powerhouse duo touch on:
- Origins of bug bounty programs
- Taking a hacker mindset to your career
- The pay equity gap
- Increasing reliance on technology that we're having trouble securing
Follow Katie Hanahan on LinkedIn. Follow Katie Moussouris on Twitter and LinkedIn.
Earn additional income by sharing your opinion on userinterviews.com!
Episode Resources: Nadia's Book; Nadia's website; Nadia's Twitter.
About Nadia Zhuk: Nadia is a software engineer at Intercom, and was previously working at Zendesk. Before that, Nadia was an English teacher and journalist, until she decided to learn programming and enter the tech world.
Make code reviews your superpower at awesomecodereviews.com!
Other episodes you'll enjoy: Do code reviews frustrate developers?; The Secret To High-Quality Code; Vulnerability disclosure with Katie Moussouris.
This episode is a reading of my article, "ChatGPT Has Already Decreased My Income Security, and Likely Yours Too", and it is read by an AI I trained on my own voice using Resemble.AI. It just seemed particularly fitting to do it this way. Link to read and share the article: https://www.scottsantens.com/chatgpt-has-already-decreased-my-income-security/ For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support these podcasts through Anchor or Patreon: https://patreon.com/scottsantens Thank you to all my Podcast Executive Producer supporters: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Matthew Cheney, Katie Moussouris, Tricia Garrett, Zack Sargent, Larry Cohen, Frederick Weber, CanadayVibes , Kerry Bosworth, Laurel gillespie, Dylan J Hirsch-Shell, Tom Cooper, Michael Tinker, Judith Bliss, Robert Collins, Daryl Smith, Joanna Zarach, ace bailey, Daragh Ward, Albert Wenger, Andrew Yang, Bridget I Flynn, Peter T Knight, David Ihnen, Myles McLane, Max Henrion, Elizabeth Corker, Gray Scott, Gerald Huff, Albert Daniel Brockman, Michael Honey, Natalie Foster, Joe Ballou, Chris Rauchle, Arjun, Laura Ashby, and all my other monthly supporters on Patreon too. --- Support this podcast: https://anchor.fm/scottsantens/support
Earn additional income by sharing your opinion on userinterviews.com!
Episode Resources: Executive Order on Improving the Nation's Cybersecurity; Alpha-Omega Projects; Cybersecurity & Infrastructure Security Agency (CISA); Tools to create SBOM.
About Barak Brudo: Barak Brudo helps organizations secure their software supply chain. He works as a Developer Relations Advocate at Scribe Security.
Other episodes you'll enjoy: What developers should know about security; The Secret To High-Quality Code; Vulnerability disclosure with Katie Moussouris.
Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.
In this fireside chat from SecurityWeek's CISO Forum, Luta Security chief executive Katie Moussouris shares lessons from her work creating bug bounty and vulnerability disclosure programs for some of the biggest organizations in the world. Join this session to learn about the value -- and pitfalls -- of bug bounty programs, best practices around managing the flow of vulnerability data, and security response priorities.
On June 24 I took part in a panel about the macroeconomics of basic income at the 2022 BIG Conference in Portland, Oregon. Here is an audio recording of the talk I gave that day where I attempted to zoom out and look at the big picture of money, economics, and humanity. For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support these podcasts through Anchor or Patreon: https://patreon.com/scottsantens Thank you to all my Podcast Executive Producer supporters: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Katie Moussouris, Tricia Garrett, Zack Sargent, David Ruark, Larry Cohen, Matthew Cheney, Frederick Weber, Patrick Brown, CanadayVibes, Kerry Bosworth, Laurel Gillespie, Dylan J Hirsch-Shell, Tom Cooper, Michael Tinker, Robert Collins, Daryl Smith, Joanna Zarach, Justin Walsh, ace bailey, Daragh Ward, Albert Wenger, Andrew Yang, Bridget I Flynn, Peter T Knight, David Ihnen, and Laura Ashby. --- Support this podcast: https://anchor.fm/scottsantens/support
On July 26 I took part in a conversation on Twitter Spaces where we talked about UBI for over two hours. A segment of about 21 minutes in length was then edited from the discussion and aired on WPKN radio. Here is that episode as heard on the radio. For more info about UBI, please refer to my UBI FAQ: http://scottsantens.com/basic-income-faq You can support these podcasts through Anchor or Patreon: https://patreon.com/scottsantens Thank you to all my Podcast Executive Producer supporters: Gisele Huff, Haroon Mokhtarzada, Steven Grimm, Floyd Marinescu, Katie Moussouris, Zack Sargent, Jeff , David Ruark, Larry Cohen, Matthew Cheney, Frederick Weber, Patrick Brown, CanadayVibes , Kerry Bosworth, Laurel gillespie, Dylan J Hirsch-Shell, Tom Cooper, Michael Tinker, Robert Collins, Daryl Smith, Joanna Zarach, Justin Walsh, ace bailey, Daragh Ward, Albert Wenger, Andrew Yang, John Steinberger, Bridget I Flynn, Peter T Knight, David Ihnen, and Laura Ashby. --- Support this podcast: https://anchor.fm/scottsantens/support
We talked with Katie Moussouris about the evolution of vulnerability disclosure, Bug Bounties, and tons of other exciting stuff.
This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! IE has gone to 11 and is no more. There's some notable history related to IE11 and bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with award ranges from $500 to $11,000. Ten years later, that bounty range is still common across the industry. The technical goals of the program remain similar as well -- RCEs, universal XSS, and sandbox escapes are all vulns that can easily gain $10,000+ (or an order of magnitude greater) in modern browser bounty programs. So, even if we've finally moved on from a browser with an outdated security architecture, we're still dealing with critical patches in modern browsers. Fortunately, the concept of bounty programs continues. References: - https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf - https://media.blackhat.com/bh-usa-08/video/bh-us-08-Reavey/black-hat-usa-08-reavey-securetheplanet-hires.m4v - https://web.archive.org/web/20130719064943/http://www.microsoft.com/security/msrc/report/IE11.aspx - https://web.archive.org/web/20190507215514/https://blogs.technet.microsoft.com/bluehat/2013/07/03/new-bounty-programs-one-week-in/ Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw201
IE has gone to 11 and is no more. There's some notable history related to IE11 and bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with award ranges from $500 to $11,000. Ten years later, that bounty range is still common across the industry. The technical goals of the program remain similar as well -- RCEs, universal XSS, and sandbox escapes are all vulns that can easily gain $10,000+ (or an order of magnitude greater) in modern browser bounty programs. So, even if we've finally moved on from a browser with an outdated security architecture, we're still dealing with critical patches in modern browsers. Fortunately, the concept of bounty programs continues. References: - https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf - https://media.blackhat.com/bh-usa-08/video/bh-us-08-Reavey/black-hat-usa-08-reavey-securetheplanet-hires.m4v - https://web.archive.org/web/20130719064943/http://www.microsoft.com/security/msrc/report/IE11.aspx - https://web.archive.org/web/20190507215514/https://blogs.technet.microsoft.com/bluehat/2013/07/03/new-bounty-programs-one-week-in/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw201
Decipher Editor in Chief Dennis Fisher joins the podcast to discuss a series he recently published on the history and evolution of bug bounties. In the series, Dennis talks to the hackers and researchers who took an idea and turned it into one of information security's most well-known and lucrative industries. In this episode, Fisher covers the early days of bug bounties, the No More Free Bugs movement, the legal landmines researchers faced doing vulnerability research—essentially for free—the gray markets for bugs and exploits, and how pioneers such as Katie Moussouris worked tirelessly to make bug bounty programs a reality not only at Microsoft, but also within the Pentagon. Read the three-part series at Decipher:
"Lawyers, Bugs, and Money: When Bug Bounties Went Boom, Part 1"
"Uprising in the Valley: When Bug Bounties Went Boom, Part 2"
"Drive it Like You Stole It: When Bug Bounties Went Boom, Part 3"
When Luta Security CEO and founder Katie Moussouris analyzed the popular social "listening" app Clubhouse, she found a way to eavesdrop on conversations without notifying other users. This was, Moussouris said, a serious and basic flaw, so, using her years of expertise, she documented the vulnerability and emailed some information to the company. Her emails went unanswered for weeks. Today, on Lock and Code with host David Ruiz, we speak to Moussouris about Clubhouse, vulnerability disclosure, and the imperfect implementations of "bug bounty" programs.
TechSpective Podcast Episode 067 Vulnerabilities are everywhere and they will not be going away. That means they need to be researched and discovered and addressed. But, what is the right way to go about that process? Katie Moussouris, founder and CEO of Luta Security, is my guest for this episode of the TechSpective Podcast and [...] The post Katie Moussouris – Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms appeared first on TechSpective.
Americans’ Online Security Needs An Update Last week, all eyes were on the shutdown of a gas pipeline that delivered fuel to large portions of the Southeastern US. The shutdown was not due to a leak or planned pipeline maintenance, but to a ransomware attack that took billing computers at the pipeline operator offline. The attack had encrypted data on those computers, rendering the data unusable to the pipeline operator until they paid a ransom. In recent years, similar ransomware attacks have affected other significant industries, from computers in a hospital cancer clinic to the Irish health system. Cybersecurity specialist Katie Moussouris, founder and CEO of Luta Security, joins Ira to talk about what’s behind the rise of ransomware attacks, and what businesses need to do to lessen their risks. Among the causes, she says, are the increasing availability of anonymous money transfers via cryptocurrency, nation-states that sometimes turn a blind eye to hacking activities, and businesses that grow quickly without expanding their security to match. In West Virginia, Opioid Distributors Are Finally On Trial A trial is underway in West Virginia against the nation’s three largest opioid distributors: Cardinal Health, AmerisourceBergen, and McKesson. The companies are accused of funneling massive amounts of painkillers to West Virginia communities, fueling the opioid crisis that has devastated parts of the region. By some measures, Cabell County has the worst drug overdose rate in the country, and its rate of overdose deaths is six times the national average. While the companies say the doctors who prescribed the pills are to blame, this trial is a community’s attempt to hold the massive companies accountable. The city of Huntington, West Virginia and the Cabell County Commission brought the case against the companies. Joining Ira to talk about this trial and what led up to it is Eric Eyre, investigative reporter at Mountain State Spotlight in Charleston, West Virginia.
Eric won a 2017 Pulitzer Prize for his reporting on the opioid epidemic in West Virginia, and is the author of the book Death in Mud Lick: A Coal Country Fight Against the Drug Companies That Delivered the Opioid Epidemic. Video Game Skills May Make Better Surgeons The classic board game Operation—in which players try to use conductive tweezers to remove a patient’s funny bone and other ailing imaginary organs—may not be the best tool for training real-life surgeons for the operating room. But according to a recent paper published in the journal Surgery, playing video games may have a benefit for training surgeons in specific medical fields. Arnav Gupta, a third-year medical student at the University of Ottawa and co-author of the study, told Ira that the largest benefits of gaming seemed to come in two specific areas. Gains seen in robotic surgery skills might be due to the similarity of the robotic controls to a game controller joystick. Improvements in laparoscopic surgery, where surgeons operate using instruments inserted through tubes in a thin slit in a patient, may reflect an increased ability to translate images on a screen into three-dimensional movements. (The researchers didn’t see major improvements in other types of surgery.) Gupta discusses the research with Ira, as well as possible next steps for ways gaming could improve medical training. What A Rare Baseball Collision Tells Us About The Physics Of The Game Recently during a pre-game warmup, Phillies right fielder Bryce Harper was doing some batting practice when he hit a line drive to right field, and it collided with another ball in midair. It was an extremely rare event we’ll probably never see again. But if someone were to try and duplicate the collision, would physics work in their favor? Ira is joined by Rhett Allain, assistant professor of physics at Southeastern Louisiana University and writer for Wired’s Dot Physics blog, for a quick back-of-the-envelope discussion.
Plus, baseball players and fans are learning more about the physics of the game—exit velocity and launch angle are now statistics that people can calculate and tally. Dr. Alan Nathan, professor emeritus of physics at University of Illinois and professional baseball consultant, talks about how physics is changing how America’s pastime is played. The Resonating Room Tones Of Composer Alvin Lucier Alvin Lucier is one of the giant figures in experimental, electronic and electro-acoustic music, known for “making the inaudible…audible.” Last week, he turned 90, and the celebration included a 27 hour marathon of his most famous piece, “I Am Sitting In A Room.” The piece, first recorded in 1969, is very simple in concept but deceptively complex. It consists of a short passage of text, read aloud in a room. That sound is recorded and then played back into that same room, picked up by the same microphone, over and over, until the room resonance renders the speech otherworldly and unintelligible. "I Am Sitting In A Room" has been performed around the world, and has even prompted a series of adaptations by YouTubers, including one who uploaded his video 1,000 times, resulting in bizarre video degradation over time. Lucier’s work has been academically studied for years, and presented and championed at MIT’s Media Lab in seminars devoted to the “quality of sound as experience.” Listen to his work and a SciFri Soundscape of the music.
Dennis Fisher talks with Katie Moussouris, Rich Mogull, Kymberlee Price, and Thomas Ptacek about the unique and inspiring life and legacy of hacker Dan Kaminsky.
Luta Security founder, security entrepreneur, and vulnerability disclosure pioneer Katie Moussouris joins the Aperture Podcast to talk about influential researcher Dan Kaminsky, who died April 23 at 42 years old. Katie discusses the breadth of Dan's work as a researcher, and his friendship, empathy, and outreach within the security community. Katie also talks about her work advocating for pay, gender and employment equity, and how her mother persevered as a single mother earning significantly less than male counterparts. Katie also explains her return to her hacker roots uncovering two serious vulnerabilities in the audio-based social networking app, Clubhouse, and the state of vulnerability disclosure programs and bug bounties.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Matt Mitchell, “a hacker and Tech Fellow at The Ford Foundation. Matt is working with the BUILD and Technology and Society teams at Ford Foundation to develop digital security strategy, technical assistance offerings, and safety and security measures for the foundation's grantee partners. Matt was recently named by WIRED magazine as one of the 25 ‘innovators who are using technology to lead society through this period of global uncertainty and pointing the way to a safer future.' called the WIRED25.” In 2017, Matt was listed by VICE's MOTHERBOARD as a HUMAN OF THE YEAR, for his work protecting marginalized communities from surveillance. Read more about Matt in this Medium post. Photo by Nick Lee, via Medium. Matt on Twitter. Matt on LinkedIn. In the discussion we address: • Matt's background • Current projects • Privacy as a right • Privacy as security • And more! “Backdoors… they don't work…” – Matt Mitchell, in The Gate 15 Interview, recorded 21 Apr 2021 A few references mentioned in or relevant to our discussion include: • Matt Mitchell Is Arming Underserved Communities With Anti-Surveillance Tools, Vice, 14 Feb 2017 • Ford Foundation, BUILD • Ford Foundation, Cybersecurity Assessment Tool • Nigerian Tech Hub Update: It's Funded, Built, Educating, and… by Ronnie Tokazowski, @iHeartMalware, 08 Apr 2021 • Can you fight BEC popularity in Nigeria by steering youth to legitimate IT jobs? by Catalin Cimpanu, @campuscodi, on The Record, by Recorded Future, @TheRecord_Media, 18 Apr 2021 • Zero Trust: Enable a remote workforce by embracing Zero Trust security, Microsoft • William Coffee, NSA 2011 Hall of Honor Inductee, African American Honoree. “In April 1946, William D. Coffee was awarded the Commendation for Meritorious Civilian service for his wartime leadership in exploiting critical enciphered messages.
During a time of harsh racial discrimination, he excelled and became the acting supervisor of a segregated office that made impressive contributions to the nation's cryptologic achievements.” • CryptoHarlem • Wikipedia: CryptoParty • On Bug Bounties: Google Project Zero will give a 30-day grace period before disclosing security issues, Kim Lyons, @SocialKimLy, The Verge, @verge, 17 Apr 2021 • The do's and don'ts of bug bounty programs with Katie Moussouris (@k8em0), by Zack Whittaker, @zackwhittaker, TechCrunch, @TechCrunch, 07 Apr 2021 • DON'T PANIC. Making Progress on the "Going Dark" Debate, The Berkman Center for Internet & Society at Harvard University "One: the companies want to surveil the people. Two: the organizations, the companies, don't have people's best interests at heart…" – Matt Mitchell, in Vice, 14 Feb 2017
Katie Moussouris is now a recognizable name in the cybersecurity industry. She is one of the pioneers in the world of bug bounties after starting Microsoft's program. But before she became a famous hacker, Moussouris started like many others: hacking video games. Here's the story of her first hack. See acast.com/privacy for privacy and opt-out information.
Casey Ellis, Founder & CTO of Bugcrowd and Katie Moussouris, Founder & CEO of Luta Security discuss vulnerability disclosure programs with Mike and Joe today. Developing a disclosure program can be so complex that many organizations don't create one at all. So we asked - what processes should companies put in place to be sure they provide vulnerability information safely and in a usable way? Our guests today share the best practice steps that companies should take to prepare.
This episode is sponsored by ConfigCat – your favorite feature flag management tool. Links: Katie’s Twitter profile; Luta is hiring; More about vulnerability disclosure; Michaela's Code review workshops. Subscribe on iTunes, Spotify, Google, Deezer, or via RSS.
Last year Russia infiltrated the digital networks of federal agencies and many of America’s largest corporations, and last week’s armed insurrection on the US Capitol was fomented through disinformation campaigns on social media. Cyberattacks and manipulation of elections and domestic affairs threaten national security and global relations. John Carlin of the Aspen Institute’s Cybersecurity & Technology Program leads a conversation with Kevin Mandia, CEO of FireEye, the cybersecurity company that uncovered last year’s massive Russian hack, Senator Mark Warner, Vice Chair of the Senate Intelligence Committee, and Luta Security’s founder and digital defense expert Katie Moussouris. They discuss how the Russian hack was discovered and what it means for the future of digital security worldwide, including how to assign responsibility for cybersecurity and social media failures. Senator Warner also shares his assessment of the damage of a foreign-led cyber attack compared to the domestic insurgence he experienced at the Capitol. Their conversation was recorded on January 7, 2021.
As part of NSI's project focused on Technology Innovation and American National Security, NSI pulled together a panel of our experts to discuss the recent hack of the Department of Treasury and Department of Commerce, and what the government can do to defend against attacks like this in the future. Speakers included: Jamil N. Jaffer, NSI Founder and Executive Director; Sam Kaplan, NSI Visiting Fellow and former Assistant Secretary of Homeland Security for Cyber, Infrastructure, and Resilience Policy; Katie Moussouris, NSI Visiting Fellow and founder and CEO of Luta Security; and Dave Weinstein, NSI Visiting Fellow and former CTO and CISO of the State of New Jersey.
How do you go from pentester to creator of Microsoft’s bug bounty program? Find out from hacker and vulnerability disclosure pioneer, Katie Moussouris. Join us for a fascinating interview with Katie about her journey, the bugs in bug bounty programs, and the people who inspired her along the way. With Kimberly Truong and special guest Katie Moussouris (https://twitter.com/k8em0), Founder and CEO of Luta Security (https://www.lutasecurity.com). Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)
In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. Also, a sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris. With Kimberly Truong, Doug Aamoth and Paul Ducklin *** Cult videogame company Capcom pays a big round $0.00 to ransomware crooks https://nakedsecurity.sophos.com/cult-videogame-company-capcom-pays-a-big-round-0 The Sophos Threat Report 2021 https://nakedsecurity.sophos.com/sophos-threat-report-2021 The Cloud Snooper Malware https://nakedsecurity.sophos.com/the-cloud-snooper-malware *** Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
This week Katie Moussouris hangs out to talk about both the advantages as well as challenges in running bug bounty programs. My 3 main takeaways were when companies should choose a bounty as opposed to a pen test, where a company should be at operationally before launching a program and how companies should prepare before launching their bug bounty program. For more information, including the show notes check out https://breachsense.io/podcast
Introduce Katie (bio) (@k8em0), CEO and Owner, LutaSecurity
The scope of the VCMM (what is it?) VCMM - Vulnerability Coordination Maturity Model https://www.lutasecurity.com/vcmm
Does it just cover the internal process? Is it to ready an org for a bug bounty program, or to accept vulns from security researchers?
You mentioned not playing whack-a-mole when it comes to responding at the beginning of a vuln disclosure program. Is directing different categories of bugs one of the things that keeps you from just waiting for the bugs to roll in?
Will this work for internal security or red teams as well, or is this more suited to bug bounties?
What’s the timeline for this process? “We need something for a product launch next week…”
Stakeholders involved? CISO? Security team? IT? Devs?
What precipitates the need for this? Maturity? Vuln disclosure?
Are the ISO docs required for this to work, or will they assist in an easier outcome?
https://blog.rapid7.com/2017/12/19/nist-cyber-framework-revised-to-include-coordinated-vuln-disclosure-processes/
https://www.rsaconference.com/industry-topics/video/bug-bounty-programs-arent-enough-for-todays-cyber-threats-katie-moussouris-rsac
10 worst jobs (popsci article): https://web.archive.org/web/20070712070214/https://www.popsci.com/popsci/science/0203101256a23110vgnvcm1000004eecbccdrcrd.html
https://www.nbcnews.com/tech/security/how-teenage-fortnite-player-found-apple-s-facetime-bug-why-n963961
How does an org use this to communicate vulnerabilities in their own products?
What’s the bare minimum you need on this chart for a successful program? Are any facets more important than the others? Does anyone hit all 3s, or is that a pipedream?
Incentive: “no legal action will be taken”. People want money… not tours, not 10-point font. How do you convince ‘good’ bug writers to want to help you for a ‘thank you’? Should incentive be a ‘Level 3’, or would you consider it not ready for prime time?
https://www.zdnet.com/article/yahoo-changes-bug-bounty-policy-following-t-shirt-gate/
Vuln reporting: lots of Twitter fodder of companies that handle vuln disclosure poorly; some folks even say that you shouldn’t bother and should deal with a 3rd party instead. If a company is taking bugs and doing all the baseline items, what are some other things they could do to make security disclosure easier? Security.txt? A clearly stated bugs@ or security@ address (and not buried in 3-point font in the privacy policy or ToS)? An SLA to reply to all bugs? A standardized disclosure form for discoveries?
Slide Presentation Overview: https://7bb97855-c50f-4dce-9a1c-325268684c64.filesusr.com/ugd/ed9b4b_f04d16446542494887906777a39204bf.pdf
ISO 29147:2018 - $150 USD https://www.iso.org/standard/72311.html
ISO 30111:2019 - $95 USD https://www.iso.org/standard/69725.html
ISO 27034-7:2018 - $150 USD https://www.iso.org/standard/66229.html
Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic #Brakesec Store!: https://brakesec.com/teepub #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Katie Moussouris, hacker and CEO of Luta Security, joins Dennis Fisher for a long overdue conversation about vulnerability management, bug bounty programs, and assessing risk.
Katie Moussouris, CEO and Founder of Luta Security, joins us on this week’s episode of Security Nation to discuss vulnerability disclosure, bug bounties, and building systems that support sustainable security. Stick around for our Rapid Rundown, where Tod talks through the recent bug in the Samsung Quram image processor.
Bug bounties, authoring standards, enjoying what you do, and taking your own path! (Recorded from LIVE edition of the podcast earlier today.)
In 2003, security researchers Katie Moussouris and a colleague at enterprise security firm @stake—which would later be acquired by Symantec—found a bad flaw in an encrypted flash drive from Lexar. It was trivial to uncover the password that decrypted the drive's data. But when they tried to let Lexar know? "Things went wrong," says Chris Wysopal, who was also working at @stake at the time.
The Uncommon Journey Talk Show On ITSPmagazine Episode 1 Hosts: Alyssa Miller, Chloé Messdaghi, and Phillip Wylie For our first episode, we were joined by Katie Moussouris. She shared her journey from her beginning programming days to starting her own company while providing her insight into the bug bounty world. On a personal side note, she loves the movie Hackers and drinking water. As part of this Uncommon Journey podcast series, various industry personalities will be invited to discuss their unique journeys into security, the challenges they faced, how they overcame those challenges and their recommendations for others looking to get into this community. They’ll also talk about security community-wide challenges and how non-traditional backgrounds and experiences can be brought together to address those challenges. We hope you enjoy the journey and maybe you will discover, as we did, that uncommon is somehow common—and that is a good thing. __________________________________ For more Uncommon Journey podcasts: https://itspmagazine.com/the-uncommon-journey-talk-show-podcast-phillip-wylie-chloe-messdaghi-alyssa-miller __________ Interested in sponsoring an ITSPmagazine talk show? Visit: https://www.itspmagazine.com/podcast-series-sponsorships
Bug bounty programs continue to increase in popularity – but that popularity has its downsides. Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. However, as more programs are created, some companies are forgetting the real reason behind bug bounties. That is, instead of making their systems more secure, companies want to merely hunt bugs. Threatpost talked to Katie Moussouris, founder and CEO of Luta Security, to hear more about her thoughts about the challenges in developing – and launching – bug bounty programs.
Not all that long ago, bounty hunters were burly guys who apprehended fugitives using brute force in exchange for a reward or "bounty." And while those types of bounty hunters still exist, these days the vast majority of them are hackers looking for bugs. In this episode of the Impact Podcast, Jon Prial talks with Katie Moussouris, a highly regarded computer security researcher who's best known for creating the bug bounty program at Microsoft. You'll hear about: -Results from the recent Hack the Pentagon Program (1:15) -What companies can learn from the government's approach to engaging with the hacker community (2:36) -How to determine if your organization is ready for a bug bounty program (5:40) -Issues larger enterprises face versus smaller startups (7:20) -Maturity models for assessing vulnerability (11:28) -Best practices for engineering teams (14:54) -The keys to success for bug bounty programs going forward (17:44)
Equifax: the worst breach ever. You asked for it, and Alia and Bob are (finally!!) on board. Unpatched patches. Passwords stored in plain-text. 145 million people in danger. The Equifax breach is a perfect storm of bad decisions. Coming March 4, Alia and Bob will dive into how hackers stole *the most valuable data* of 145 million Americans, why it matters, and what we can do about it. The Yahoo breach was a spy movie, but this one is about YOU. This time around, we’ll be dropping six shorter episodes, released weekly starting March 4. Subscribe now so you don’t miss out! And tell all your friends!
Hacker Katie Moussouris probably knows more about bug bounties, how companies use and misuse them, and the incentives that they create than just about anyone on the planet. She created Microsoft's first bounty program in 2013 and has spent the years since traveling the world advising companies on how to work with security researchers and whether a bounty program is the right move. She talks with Dennis Fisher about why the security industry keeps making the same mistakes over and over and how the lack of talent on the coding and maintenance side of the equation is hurting security. Learn more about Katie's company Luta Security.
InSecurity Podcast: Katie Moussouris answers the question… Should the pursuit of coding perfection always include Bug Bounties? What if I told you that the industry average is 15-50 bugs per 1000 lines of code? You may not care if you’re creating a Word doc. What if you are in charge of launching the latest SpaceX rocket? What if you are Lewis Hamilton driving for Mercedes Formula 1 and a software glitchcauses you to lose a 3 second lead at the Australian Grand Prix? What if you are a general in charge of military forces using tools that include the same software I can buy on Amazon or Ali Baba? With so much of our world now driven by software, everything is on the line: money, property, lives. Perfection is never going to be an option, but it is fair to say that we need to be as close to perfect as possible No small feat… and no pressure on folks like today’s guest Katie Moussouris joins Matt Stephenson on the InSecurity podcast to talk about bugs and bug bounties and the impact they can have on security and privacy. Katie is an industry legend perhaps best known for creating Microsoft’s first Bug Bountyprogram in 2013. In this episode of the InSecurity Podcast, Katie Moussouris breaks it down for Matt Stephenson. Who needs a bug bounty? Is a bug bounty program even appropriate for a company? There are risks in every question and every answer. About Katie Moussouris Katie Moussouris(@k8em0) is the founder and CEO of Luta Security, specializing in helping businesses and governments work with hackers to better defend themselves from digital attacks. She is a noted authority on vulnerability disclosure & bug bounties, advising companies, lawmakers, & governments on the benefits of hacking& security. Katie is a hacker - first hacking computers, now hacking policy & regulations. 
About Matt Stephenson: InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. To hear more, visit: ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 Google Play Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste
Katie is the founder and CEO of Luta Security. She presented a talk on bug bounties, penetration testing and vulnerability disclosure at the RSA Conference last week in San Francisco. She joins the podcast to discuss the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.
Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.
To prepare for Black Hat and DEF CON this week, we turned to our old friend Katie Moussouris of Luta Security, to talk about the changes in the conferences over the years and how the culture has evolved. We also talked about the current discussion in the security community about vulnerability sales and bug collisions…
The O’Reilly Security Podcast: Why legal responses to bug reports are an unhealthy reflex, thinking through first steps for a vulnerability disclosure policy, and the value of learning by doing. In this episode, O’Reilly’s Courtney Nash talks with Katie Moussouris, founder and CEO of Luta Security. They discuss why many organizations have a knee-jerk legal response to a bug report (and why your organization shouldn’t), the first steps organizations should take in formulating a vulnerability disclosure program, and how learning through experience and sharing knowledge benefits all. Here are some highlights:

Why legal responses to bug reports are a faulty reflex

The first reaction to a researcher reporting a bug for many organizations is to immediately respond with legal action. These organizations aren’t considering that their lawyers typically don't keep their users safe from internet crime or harm. Engineers fix bugs and make a difference in terms of security. Having your lawyer respond doesn't keep users safe and doesn't get the bug fixed. It might do something to temporarily protect your brand, but that's only effective as long as the bug in question remains unknown to the media. Ultimately, when you try to kill the messenger with a bunch of lawsuits, it looks much worse than taking the steps to investigate and fix a security issue. Ideally, organizations recognize that fact quickly. It’s also worth noting that the law tends to be on the side of the organization, not the researcher reporting a vulnerability. In the United States, the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act have typically been used to harass or silence security researchers who are trying to report something along the lines of “if you see something, say something.” Researchers take risks when identifying bugs, because there are laws on the books that can be easily misused and abused to try to kill the messenger. There are laws in other countries as well that would similarly discourage well-meaning researchers from coming forward. It’s important to keep perspective and remember that, in most cases, you’re talking to helpful hackers, who have stuck their neck out and potentially risked their own freedom to try to warn you about a security issue. Once organizations realize that, they're often more willing to cautiously trust researchers.

First steps toward a basic vulnerability disclosure policy

In 2015, market studies showed (and the numbers haven't changed significantly since then) that of the Forbes Global 2000, arguably some of the most prepared and proactive security programs, 94% had no published way for researchers to report a security vulnerability. That’s indicative of the fact that these organizations probably have no plan for how they would respond if somebody did reach out and report a vulnerability. They might call in their lawyers. They might just hope the person goes away. At the very basic level, organizations should provide a clear way for someone to report issues. Additionally, organizations should clearly define the scope of issues they’re most interested in hearing about. Defining scope also includes providing the bounds for things that you prefer hackers not do. I've seen a lot of vulnerability disclosure policies published on websites that say, please don't attempt to do a denial of service against our website, or against our service or products, because with sufficient resources, we know attackers would be able to do that. They clearly request people don’t test that capability, as it would provide no value.

Learning by doing and the value of sharing experiences

At the Cyber U.K. Conference, the U.K. National Cyber Security Centre’s (NCSC) industry conference, there was an announcement about NCSC’s plans to launch a vulnerability coordination pilot program. They've previously worked on vulnerability coordination through the U.K. Computer Emergency Response Team (CERT U.K.) that merged under NCSC. However, they hadn’t standardized the process. They chose to learn by doing and launch pilot programs. They invited focused security researchers, who they knew and had worked with in the past, to come and participate, and then they outlined their intention to publicly share what they learned. This approach offers benefits, as it's not only focused on specific bugs, but more so on the process, on the ways they can improve that process and share knowledge with their constituents globally. Of course, bugs will be uncovered and strengthening security of targeted websites obviously represents one of the goals of the program, but the emphasis on process and learning through experience really differentiates their approach and is particularly exciting.
The O’Reilly Security Podcast: The five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs. In this episode, I talk with Katie Moussouris, founder and CEO of Luta Security. We discuss the five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs. Here are some highlights:

The five stages of vulnerability disclosure grief

There are two kinds of reactions we see from organizations that have never received a bug report before. Some of them are really grateful, and that's ideally where you want people to start, but a lot of them go through what I call the five stages of vulnerability response grief. At first, they are in denial; they say, ‘No, that's not a bug—maybe you're mistaken,’ or they get angry and send the lawyers, or they try to bargain with the bug hunter and say, ‘Maybe, if we just did something really stupid and tried to mask what this is, and maybe you won't talk about it publicly, or tweet about it.’ Then they often get really depressed because they realize this is just one bug report from one bug finder and there might be a ton of bugs they don't know what to do with. Until finally, they get to the acceptance stage. Ideally, we like it when organizations have gotten to that acceptance stage, when they realize there are bugs in everything, and eventually somebody is going to report a security vulnerability to the organization. Even if you've just got a website on the internet, it's possible that somebody will find and report a security issue to you.

Hacking the government

Hack the Pentagon came about because the U.S. Department of Defense was really interested in hearing about manipulating bug bounty market incentives. Each of those types of bugs would have fetched six figures on the offense market. At the time, Microsoft wasn't paying six figures per bug for beta bugs—in fact, nobody was—so understanding those market behaviors actually helped the Pentagon feel comfortable in trying out a bug bounty pilot, which is what happened last year. The results were great for the Pentagon. They got 138 vulnerabilities reported in a 21-day period. They fixed them all within six weeks, I believe. They paid $75,000 in bug bounties to find that many vulnerabilities. Through their usual vendors, it was costing them more than a million dollars a year in federal contracts with different security vendors, and they were typically receiving maybe two or three bug reports a month. There was finally a legal channel for security researchers who wanted to help the government to be able to do so without risking their freedom. (Editor’s note: Moussouris just helped launch a similar effort with the UK’s National Cyber Security Centre.)

The pros and cons of bug bounties

Anyone can offer cash for bugs. Whether or not it turns out well for them depends on a whole lot of things. Bug bounties can be useful as a focus incentive. If an organization has a pretty good handle on their vulnerabilities and has a process for dealing with the ones they already know about, then that might be a good area to focus on, but I typically don't think it's a good way to start. It has been trendy, recently, in the last year or so, as bug bounties have caught on, where company leaders are saying, ‘We're not getting good vulnerability reports—let’s pay 10 times the bug bounty amounts for a period of time and attract a whole bunch of researchers.’ You might do that, and yes, you might get a whole swarm of bug reports, but are they really the most valuable bugs—the ones that are actually going to help you secure your users, your customers, your enterprise, or your website? Or, are they just going to be a whole swarm of the same bug reported by multiple sources because it was a little bit of a low-hanging-fruit exercise? I caution people to think through their incentive models. What is it that you really want? Do you want more bug reports? What types of bug reports do you want? How can you structure this so you're not wasting all your resources and money on an outsourced bug bounty service provider, or on triage provider resources, paying them to sift through reports for you? What would you save by finding these bugs more effectively with a decent security testing program and maybe a full-time person in-house? I talk a lot of people off the bug-bounty ledge, especially if they haven't done a whole lot of their own homework and testing. Organizations are always going to have competing needs when it comes to spending their security dollars, and I think from a holistic view, bug bounties are not going to be the 100% perfect answer for making people more secure. You cannot “bounty” your way to being secure, the same way you can't “penetration test” your way to being secure.
We know that hacking can get you in trouble with governments and companies. But could it also make you rich? Or even a hero? Hollywood has long portrayed hackers as evil geniuses or complete weirdos, but the caricature doesn't often tell the whole story. Increasingly, hackers are being asked to try their skills on various cyber systems in an effort to expose vulnerabilities. So they hack in, find the bug, and get paid. Right? Of course, it's not that simple. Katie Moussouris, founder and CEO of Luta Security and creator of Microsoft's first bug bounty program, joins the show to explain. Can hacking really be a force for good?
Join Lawyer Liz as she talks with Katie Moussouris, a leading security and vulnerability disclosure researcher who convinced the DOD to host and led the "Hack the Pentagon" program earlier this year. Then Lawyer Liz "Test Drives" with State Rep Trey Kelley, chair of the 2014 Georgia House Autonomous Vehicle Technology Study Committee, discussing recent driverless tech developments and Georgia's role.
Host Kevin Greene and guest Katie Moussouris, chief policy officer at HackerOne, explore the potential benefits of formalizing a “bug bounty” program in the federal government, which would allow outside experts to find and report bugs in the secure software that powers the Internet. Moussouris talks about the implications of removing the barriers between the researchers, government and vendor communities to help facilitate such a program.
Katie Moussouris, chief policy officer at HackerOne and a white hat hacker, says when hackers like her come to device makers with vulnerabilities on connected devices companies should treat them as resources. Moussouris says companies often go through five stages of grief before accepting the security vulnerabilities discovered by hackers but also says she’s noticed a recent cultural shift to acknowledge hackers as allies.
We bring back Samy Kamkar "Samy's My Hero," and bring on special guests Casey Ellis from BugCrowd and Katie Moussouris from HackerOne. We talk about the tough ethical questions and the future of bug bounties in 5 years. Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
Bug Bounty and Responsible Disclosure We bring back Samy Kamkar "Samy's My Hero," and bring on special guests Casey Ellis from BugCrowd and Katie Moussouris from HackerOne. We talk about the tough ethical questions and the future of bug bounties in 5 years. Interview with Ron Gula We interview Ron Gula, one of the first interviews conducted on Security Weekly. Ron is a leading cybersecurity thinker, innovator, and visionary in the information security industry. Security Weekly Web Site: http://securityweekly.com Hack Naked Gear: http://shop.securityweekly.com Follow us on Twitter: @securityweekly
Katie Moussouris, chief policy officer for HackerOne, joins New America's Peter Singer and Passcode's Sara Sorcher to talk about bug bounty programs and how to incentivize hackers to help the private sector solve cybersecurity problems. They also chat about controversial proposed changes to the Wassenaar Arrangement, an arms export agreement, which have incensed major cybersecurity companies, researchers, and digital rights groups. Siobhan Gorman from global communications consultancy company Brunswick Group joins the panel discussion about how cyberattacks could hurt businesses' reputations, the "golden rule" for companies to disclose when they've been breached, and how government agencies might improve their cybersecurity in the wake of the Office of Personnel Management breach. This podcast is sponsored by Arizona State University.
Despite popular belief (and a certain amount of Jar Jar Binks level confusion on the episode numbering and release timeline), we’re back with Episode 4 Part II of our interview with Katie Moussouris from HackerOne… Sit back and listen as Katie lays it out like it is! Planning is already underway for our next podcast… (Episode title: LAST HACKER STANDING: EPISODE IV Part II – Revenge of the Katie)
Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. This episode Dave and Beau talk with Katie Moussouris of Microsoft about Bug Bounties - rewards Microsoft and other companies provide security researchers who demonstrate insecurities in their software. Katie makes the case that these improve Microsoft and customers' security, as well as help cut costs.
Join our interviewers in progress, Chris John Riley and Martin Mckeay, at the 25th Annual FIRST Conference in Bangkok, Thailand as they talk to Katie Moussouris, Senior Security Strategist at Microsoft, about the latest happenings at Microsoft. Katie presents on Thursday of the conference, "Vulnerability Handling Processes: When Hackers Come A-Knockin."
Katie Moussouris, leader of the Security Community Outreach and Strategy team at Microsoft. Video for this segment was missing some audio and the video was out of sync; apologies to our viewers! John Strand does a Tech Segment on CSRF. Episode 269 hosts: Paul Asadoorian (Host of Security Weekly and Stogie Geeks), Larry Pesce (Host of Hack Naked At Nite), Jack Daniel (Security B-Sides), John Strand (Host of Hack Naked TV), Carlos Perez (Host of Security Weekly Espanol).