Too often discussions about vulnerability disclosure processes a framed in terms of binary choices: disclose / don’t disclose. We will discuss an alternate approach where governments assess “when” and “how” to disclose vulnerabilities to those who can fix instead of “whether” and “if”. This panel will also discuss why governments are hacking endpoints using vulnerabilities and why we need rules to govern those activities.
Angela McKay, Director, Cybersecurity Policy and Strategy, Microsoft
Ari Schwartz, Managing Director, Cybersecurity Services & Policy, Venable
Harley Geiger, Director, Public Policy, Rapid7