White hat researchers look for vulnerabilities in information systems and play an increasingly crucial role in our nation’s cyber security defenses. Yet the rules of the road for these types of “hackers” have been slow to evolve in terms of civil and criminal liability. Worse, white hats are often mistaken for black hats when they attempt to report vulnerabilities to other companies. Now, more and more new legislation and regulations are starting to include specific protections and procedures for disclosing these vulnerabilities responsibly. The Department of Justice has even issued a set of guidelines that include white hat protections for disclosures. But these measures are just the start. Should more companies adopt procedures to better ingest and respond to vulnerability disclosures? Should they be disclosed publicly for others? What are the pros and cons of “bug bounties”? And does law enforcement know the difference between a black hat, a grey hat and a white hat?


  • Leonard Bailey – Special Counsel for National Security, Computer Crime & Intellectual Property Section, U.S. Department of Justice
  • Harley Geiger – Director of Public Policy, Rapid7
  • Franck Journoud – Cybersecurity & Technology Policy, Oracle
  • Katie Moussouris – Founder and CEO, Luta Security


  • Chris Bing – Associate Editor, CyberScoop

Date: Friday, October 13, 2017

Time: 12:00 pm – 1:00 pm

Location: Rayburn House Office Building Room 2237

Follow: @NetCaucusAC | #VulDis

Photo Credit: Christoph Scholz via Flickr