About Luta Security
Luta Security is transforming how governments and large organizations manage their people, processes, and technology to improve bug bounty programs, multiparty supply chain vulnerability coordination, and advance their overall security. During our Vulnerability Coordination Maturity Model assessments, we help identify and address gaps in key areas to improve process maturity and operational capacity to determine what actions are needed to enhance your organization's security, including which strategies and solutions make sense today and in the future.
​
Luta Security advises organizations across all phases of vulnerability coordination. Whether your organization is just getting started, or if you have already launched a vulnerability disclosure or bug bounty program, we can help your organization achieve its security goals, including complying with ISO 29147, 30111, and 27304. Learn more about our services here.
​
Current and former clients include large and complex organizations such as the U.S. Department of Defense (DOD), the UK National Cyber Security Centre (NCSC), Facebook, and Zoom to name a few.
​
Team
With over 40 years of combined professional cybersecurity, technology, and government expertise, the Luta Security team is ready to guide your organization toward a more secure future.
Luta Security’s services are backed by a highly seasoned team led by Luta Security founder and CEO, Katie Moussouris. As a computer hacker with more than 20 years of professional cybersecurity experience, Katie has a unique and unparalleled perspective on security research, vulnerability disclosure, bug bounties, and incident response. Katie serves in three advisory roles for the U.S. government as a member of the Cyber Safety Review Board, the Information Security and Privacy Advisory Board, and the Information Systems Technical Advisory Committee. She is also a cybersecurity fellow at New America and the National Security Institute.
​
During her tenure with Microsoft, her work included industry-leading initiatives such as starting Microsoft Vulnerability Research, which formalized multiparty vulnerability and supply chain vulnerability coordination across hardware and software as well as launching Microsoft’s first bug bounty program. Katie is also the co-author and co-editor of ISO 29147 (vulnerability disclosure) and ISO 30111 (vulnerability handling processes). Working with the U.S. Department of Defense, Katie led the launch of the U.S. government’s first bug bounty program, "Hack the Pentagon." She also worked with the U.S. State Department to help renegotiate the Wassenaar Arrangement, specifically changing the export control language to include technical exemptions for vulnerability disclosure and incident response.
​
She is also the founder of the Pay Equity Now (PEN) Foundation, and through the PEN Foundation, Katie established the Anuncia Donecia Songsong Manglona Lab for Gender and Economic Equity at Penn State Law in University Park. Additionally, she served as a visiting scholar with the MIT Sloan School, a Harvard Belfer affiliate, and an advisor to the Center for Democracy and Technology. In 2018, Katie was featured in two Forbes lists: The World’s Top 50 Women in Tech and America’s Top 50 Women in Tech.
​
Core Values
We are guided by our core values of respect, pay equity, and accountability.