Katie Moussouris has pretty much seen it all in her nearly two decades in the security industry as a pen tester, consultant, Microsoft employee, and many other roles. Now she’s putting that experience and knowledge to work helping governments and enterprises work out the problem of vulnerability disclosure and response with her company Luta Security. Dennis Fisher sat down with Katie at the Security Analyst Summit to talk about her work on the Wassenaar Arrangement on software export controls, bug bounties, and how companies know when they’re ready for a bounty program.