Information Asymmetry and the 1950s Nuclear Bounty

  • There is a wide and diverse range of threat actors who could attempt the things this bounty is designed to catch, and
  • A plethora of approaches which could be taken, creating
  • An almost unlimited number of possible scenarios for those in intelligence and control of nuclear material to stay ahead of.
  1. Activate crowdsourced intelligence gathering around the problem they were trying to solve, and
  2. Encourage useful information to transit from a place of knowledge to a place of actionability, regardless of its source.
  • The “bug” is any of the banned actions taking place (and their potential consequences),
  • The “scanners, SDLC and other existing controls” are all of the intelligence and security protocols that were already busily trying to prevent these actions from playing out, as well as the laws themselves as a primary deterrence measure,
  • The “scope” is all potential contributors and scenarios to these actions left behind by the existing controls, and
  • The “finder” is anyone who identifies or has prior knowledge of the actions and decides to report.

caseyjohnellis

founder/chairman/cto @bugcrowd and co-founder of @disclose_io. troubleshooter and troublemaker. 0xEFC513EA