SPICE Speaker Kimber Dowsett Presents on Vulnerability Disclosure Policies and Bug Bounties


On April 12th, Indiana University's Security & Privacy in Informatics, Computing, and Engineering (SPICE) center hosted Kimber Dowsett from Truss and NASA, as a SPICE Colloquium speaker. In her talk entitled Vulnerability Disclosure Programs: Hack Responsibly, Dowsett helped both students and organizations understand the value of having a well crafted, publicly available Vulnerability Disclosure Policy (VDP) in place so security researchers and others have a clear roadmap for what can be investigated and reported with decreased legal risk. Dowsett also offered clarity on the types of activities that could potentially result in prosecution under the Computer Fraud and Abuse Act (CFAA). Her presentation gave specific guidelines and advisements on VDP contents, public visibility, and evaluations about pairing a VDP with a Bug Bounty program.

Kimber Dowsett authored the first draft of GSA’s Technology Transformation Service (TTS) Vulnerability Disclosure Policy. She is a Security Architect currently with Truss, a software infrastructure consulting firm servicing both the public and private sectors. She also serves as a Mission Information Specialist at NASA and is the former Head of Infrastructure Engineering at 18F. She is passionate about privacy, encryption, and building user-driven technology for the public.

Named one of the 2017 Top Women in Cybersecurity by CyberScoop, Dowsett’s background is in Information Security, Incident Response, Security Policy, and Penetration Testing. Her twitter feed is available here.