Welcome to the Tech Policy Podcast. I'm Evan Swarchabber. On today's show, Bug Bounties, we know that hacking can land you in jail, but could it also land you a fat paycheck? Joining me to discuss this is Katie Masaurus, founder and CEO of Luda Security. Katie, thanks so much for joining the show. Thank you so much for having me.

So let's start off by defining the title of today's episode. What is a bug bounty?

Well, a bug bounty is paying hackers in exchange for vulnerability information.

So it's essentially a bounty on the head of each bug.

And the bug being a virus or someone trying to hack in?

It's usually a flaw in some code, maybe a flaw in a website.

It's a weakness that can be used to exploit and take information that doesn't belong to you.

So we've seen bug bounty programs in both the public and private sector.

So let's start with the private sector.

You used to work at Microsoft and you played an instrumental role or maybe the role in setting up the company's first

program. So what does that look like for a giant global tech company like Microsoft? How did they

do something like this to encourage people to find vulnerabilities, disclose them, and then get paid.

Well, Microsoft itself was not the first to offer a bug bounty program.

The first was actually Netscape back in the mid-90s.

And they offered...

Netscape.

Yeah.

That is a name you don't hear all the time.

That's right.

Taking you to the way back machine of the internet.

But it was $500 per security bug.

And nothing really new came up in the bug bounty under the bug bounty sun for a number of years until about 2010 when Google started offering bug bounties.

...