CypherCon 2024

Vulnerability Disclosure Programs: Hack Responsibly

Kimber Dowsett (@mzbat)

Abstract:

It’s critical for organizations to understand the value of having a well-crafted, publicly available Vulnerability Disclosure Policy (VDP) in place so security researchers, bounty hunters, students, and “others” have clear guidelines for system exploration, exploitation, and vulnerability reporting with decreased legal risk.

Kimber will provide specific guidelines and advice on VDP contents and public visibility, and will evaluate pairing a VDP with a Bug Bounty program. She will also discuss the types of activities, sanctioned and unsanctioned, that could potentially result in prosecution under general Computer Misuse Act guidelines and the Computer Fraud and Abuse Act (CFAA).

Kimber Dowsett (@mzbat)

Hack the Planet! But Disclose Those Hacks Where Exactly?!

Kimber is a Senior Security Architect, having experienced success in both the public and private sectors for nearly two decades. Most recently, Kimber was the Security Engineering Lead on VMware’s Tanzu Application Platform team. Kimber is the former Director of Client Product Security at Krebs Stamos Group and former Director of Security Engineering at Truss. Prior to joining Truss, she served as a Security Architect and Director of Infrastructure at 18F. She also served 6 years as a Sr. Mission Information Specialist at NASA, securing instrument and ground systems at Goddard Space Flight Center. Kimber is passionate about privacy, encryption, and building user-driven technology for the public.
In her spare time, Kimber developed the framework for the Mock Interview and Resume Review (MIRR) Workshop, a project that partners mentors with mentees from underrepresented communities who are un/underemployed in tech and seeking opportunities for professional development. Kimber also has a passion for election integrity and security and has spoken on the topic at several events, including security conferences, Secretary of State events, and closed-door Senate Committee discussions. She also enjoys designing artwork for PCB-based electronic projects and is an avid admirer of Chiroptera, comic books, and video games.