Katie Moussouris is the co-author of ISO 29147, Vulnerability Disclosure Processes, and ISO 30111, Vulnerabilities Handling Processes. She’s the founder and CEO of Luta Security. She says business leaders confuse vulnerability disclosure with bug bounties. Good Samaritans and bounty hunters are not the same as good Samaritans bearing bad news, she says. There are nine circles of hell to an ISO standard for vulnerability coordination and disclosure, but you’re escaping the inner circle is where you start.

