Guests:
Katie Noble, Director, PSIRT and Bug Bounty at Intel Corporation
On LinkedIn | https://www.linkedin.com/in/katie-trimble-noble-b877ba18a/
Harley Geiger, Founder and Coordinator, Security Research Legal Defense Fund
On LinkedIn | https://www.linkedin.com/in/harleylorenzgeiger/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
___________________________
Episode Notes
In this episode of the Redefining CyberSecurity podcast, host Sean Martin is joined by Katie Noble, Director of Product Security and Communications at Intel Corporation, and Harley Geiger, a cybersecurity attorney at Venable LP. The episode provides a deep dive into the realm of vulnerability disclosure and the corresponding laws that shape its dynamics.
The insightful conversation unveiled vulnerability disclosure as a toolbox for receiving vulnerabilities from diverse sources and then subsequently identifying, mitigating, and disclosing them. Both Noble and Geiger highlighted the importance of this process in creating a more secure digital ecosystem. However, they identified some challenges which include technical literacy, uneven state laws, clarity on good-faith security research, and sanctions that restrict conversation about vulnerabilities with certain entities.
Furthering the discussion, they touched upon the implications of AI and services provided through APIs on vulnerability disclosure. They acknowledged AI as an enabler which necessitates creative thinking about new tools for infrastructure security. They also highlighted potential issues with cloud services and AI, along with the growing practice of identifying non-security harms such as bias and discrimination through similar disclosure processes.
While discussing the role of regulations and policies, the Noble and Geiger stressed these aid in setting security standards and issuing regulatory compliance. They emphasized that understanding regulation as a net good and engaging proactively with policy formulation can result in better product security.
The episode concluded with insights on how regulatory improvements could reduce liability and move the space forward. This includes improvements in state law, clarification around AI, and easing sanctions to allow dialogue around vulnerabilities.
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
Hacking Policy Council - State Charging Policies for Good Faith Security Researchers: https://assets-global.website-files.com/62713397a014368302d4ddf5/64d3d1e780453a690d637186_HPC%20statement%20on%20state%20charging%20policy%20reform%20-%20August%202023.pdf
Hacking Policy Council - AI red teaming: Legal clarity and protections needed: https://assets-global.website-files.com/62713397a014368302d4ddf5/6579fcd1b821fdc1e507a6d0_Hacking-Policy-Council-statement-on-AI-red-teaming-protections-20231212.pdf
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc