Luta Security is the acknowledged global thought leader in leading and training corporate and governmental teams to understand vulnerability discovery and disclosure and to implement precise and guided measures to sustain vulnerability mitigation. Luta Security has both the deep knowledge and experienced researchers to address the major and minor challenges and hurdles in vulnerability disclosure programs at large complex organizations and governments.
Luta Security works first and foremost, to ensure that our client organizations are ready to handle vulnerability reports. We follow the ISO standards for vulnerability disclosure (ISO 29147) and vulnerability handling processes (ISO 30111).
Our team is led by Katie Moussouris who is a subject matter expert as she actively co-wrote both ISO 29147 and 30111. She is also an international editor for both ISO 29147 and 30111.
Katie spent over half a decade building awareness around the complexities of bug bounty pricing. She worked with Harvard economists on models making a solid case which resulted in Microsoft's first bug bounties. She then spent 3 more years as a visiting scholar with MIT Sloan School doing modeling of the system dynamics and economic levers in the vulnerability and exploit markets.
Additionally, Katie wrote both Symantec's and Microsoft's vulnerability disclosure policies. She created and ran both Symantec Vulnerability Research and Microsoft Vulnerability Research, as well as doing work for years towards the Pentagon's first bug bounty program of the US government.
Specialized bounty creation and pricing based on a clear understanding of the dynamics in play for particular types of bugs or classes of bugs is one of the unique specialties of Luta Security.
No other service provider has the history or depth of experience in creating vulnerability disclosure programs and bug bounties or other unique incentives for some of the most complex organizations in the world.