Katie Moussouris leads the Security Community Outreach and Strategy team at Microsoft. Her team’s work encompasses Security Ecosystem Strategy programs such as Microsoft’s BlueHat conference and worldwide hacker conference engagement, security researcher outreach, Vulnerability Disclosure Policies, and MSVR (Microsoft Vulnerability Research, Microsoft’s research and reporting of vulnerabilities in 3rd party software). Katie also serves as the vulnerability disclosure lead SME for the US National Body of the International Standards Organization (ISO), having performed all three roles in disclosure – finder, coordinator, and vendor for both open and closed source software.
Katie was one of the Artists Formerly Known as @stake, and she published one of the last security advisories they released in 2004, prior to the company being acquired by Symantec. Katie has performed dozens of software penetration tests, security code audits, design reviews, and secure software development lifecycle reviews for major software vendors and major companies in industries across the board, from finance to e-commerce to healthcare. She has found critical vulnerabilities and offered remediation recommendations for major components of critical infrastructure in these industries, before they could be widely exploited.
At Symantec, Katie founded and ran the first team in Symantec’s 20-year history to ever publish security vulnerability advisories in 3rd-party products. See http://www.symantec.com/research. Katie has spoken on Vulnerability Disclosure and secure development lifecycles at several security conferences, including RSA2010, SOURCEBoston, Shmoocon, Toorcon Seattle, and she was a keynote speaker at Shakacon in June 2008. Katie spoke at Black Hat USA in August of 2008 on her program, Microsoft Vulnerability Research (MSVR), and most recently again at Black Hat USA 2010 on disclosure. Katie is also working on a book on Vulnerability Disclosure.