{"id":1086,"date":"2017-01-30T15:33:41","date_gmt":"2017-01-30T23:33:41","guid":{"rendered":"https:\/\/blog.mozilla.org\/netpolicy\/?p=1086"},"modified":"2017-01-30T15:33:41","modified_gmt":"2017-01-30T23:33:41","slug":"discussing-security-risk","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/","title":{"rendered":"Discussing online security and risk"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We live so much of our lives online. Building a healthier internet is part of protecting our way of life, and is central to Mozilla\u2019s mission. But we can\u2019t protect the internet alone &#8211; it\u2019s a <\/span><a href=\"https:\/\/blog.mozilla.org\/blog\/2016\/09\/13\/cybersecurity-is-a-shared-responsibility\/\"><span style=\"font-weight: 400;\">shared responsibility<\/span><\/a><span style=\"font-weight: 400;\">. Participating in conversations with all the stakeholders allows us to learn from others in the field and to share the Mozilla perspective. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In our ongoing efforts to make the internet safer, Firefox Security Lead Richard Barnes will be speaking on a panel at Stanford Law School\u2019s February 2 event \u201cGovernment Hacking: Assessing and Mitigating the Security Risk.\u201d To attend in person, <\/span><a href=\"https:\/\/docs.google.com\/forms\/d\/e\/1FAIpQLScP7Gz_9Bq2PX2bo8Acev8BnxvcVJ8MK5VwBCEDhfHvPy4C5g\/viewform\"><span style=\"font-weight: 400;\">RSVP here<\/span><\/a><span style=\"font-weight: 400;\">. We\u2019ll also recap it here on the blog.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This continues the theme of several panels I participated in. 
I discussed the future of cybersecurity and internet privacy with industry leaders late last year &#8211; see below to read excerpts and watch the videos, and let us know what you think!<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As part of the Coalition for Cybersecurity Policy &amp; Law, I went to a <\/span><a href=\"http:\/\/events.venable.com\/events\/cybersecurity-under-the-next-president-a-symposium-with-cybersecurity-industry-leaders-br-tuesday-no\/agenda-974058a2188c4a118fc7d8a0e2e72eac.aspx\"><span style=\"font-weight: 400;\">day-long symposium<\/span><\/a><span style=\"font-weight: 400;\">, \u201cCybersecurity Under the Next President.\u201d I discussed the process by which the government decides if and when to disclose security vulnerabilities. This is known as the vulnerabilities equities process, or VEP, and it is <\/span><a href=\"https:\/\/blog.mozilla.org\/netpolicy\/2016\/09\/19\/improving-government-disclosure-of-security-vulnerabilities\/\"><span style=\"font-weight: 400;\">an important part of Mozilla&#8217;s work toward a secure internet<\/span><\/a><span style=\"font-weight: 400;\"> due to the lack of government transparency about its use. <\/span><\/p>\n<p>On this panel, I spoke about reforms the government could take to improve the current vulnerabilities equities process. \u201cIn a perfect world I would like this process to be robust &#8211; and that may mean a legislative solution such that they have to undertake this process and they have to have certain interests at the table when they consider a given vulnerability. I want them to have a timeline and a process set out that helps us understand how long it takes to get from discovery or acquisition, to consideration to disclosure or nondisclosure. We want independent oversight and transparency to the process\u2026 into how it works and how the disclosure is handled. 
We want to make sure that civilian agencies whose mission is to create trust, secure the internet and secure the American people are involved and engaged in this process. Those steps would significantly increase trust. Making sure that everything goes through the Vulnerabilities Equities Process would be very helpful.\u201d<\/p>\n<p><span style=\"font-weight: 400;\">Video from this panel can be found <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=U9IZ6yj1n44\"><span style=\"font-weight: 400;\">here<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The next day, I joined a panel of academics and policy experts at the Center for Internet and Society at Stanford Law to address how government and industry can work together to strengthen the process and discuss varied perspectives. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">At this <\/span><a href=\"https:\/\/cyberlaw.stanford.edu\/events\/government-hacking-vulnerabilities-equities-process\"><span style=\"font-weight: 400;\">event<\/span><\/a><span style=\"font-weight: 400;\">, part of the series co-hosted by Mozilla, I joined experts to explain the biggest problems with the current vulnerabilities equities process. \u201cIt only sees a small fraction or some fraction of the vulnerabilities held by the government. Specifically as we move into a connected world &#8211; the internet of things &#8211; more agencies are going to come into contact with more exploits.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That\u2019s why Mozilla believes it\u2019s essential for the government to codify the use of the vulnerabilities equities process. \u201cIf we can make this go across the government &#8212; make it broadly used, that would be a significant step forward. 
Of course we would have to adequately resource that.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To watch the video of the panel, visit <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=lTwct5qMKC8\"><span style=\"font-weight: 400;\">https:\/\/www.youtube.com\/watch?v=lTwct5qMKC8<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We live so much of our lives online. Building a healthier internet is part of protecting our way of life, and is central to Mozilla\u2019s mission. But we can\u2019t protect &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/\">Read more<\/a><\/p>\n","protected":false},"author":1273,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[283198,69,10136],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Discussing online security and risk - Open Policy &amp; Advocacy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Heather West\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/\",\"name\":\"Discussing online security and risk - Open Policy &amp; Advocacy\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\"},\"datePublished\":\"2017-01-30T23:33:41+00:00\",\"dateModified\":\"2017-01-30T23:33:41+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/fdff0d5bb50c4a81e2743d7f91775d40\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2017\/01\/30\/discussing-security-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/netpolicy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Discussing online security and risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/\",\"name\":\"Open Policy &amp; Advocacy\",\"description\":\"Mozilla&#039;s official blog on open Internet policy initiatives and developments\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/fdff0d5bb50c4a81e2743d7f91775d40\",\"name\":\"Heather West\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/473697387e4dd4394de2baac8badd43c\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1cc029c6538a1898f71b01b401691323?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1cc029c6538a1898f71b01b401691323?s=96&d=mm&r=g\",\"caption\":\"Heather West\"},\"description\":\"Heather works on security, cybersecurity, data governance, and privacy in the digital age at Mozilla, maker of the Firefox browser. At the intersection of public policy and technology, she is part policy-to-tech translator, part product consultant, and part long-term Internet strategist. She works with stakeholders and policymakers in DC as well as global product and policy teams and was recognized as one of the 2014 Forbes 30 Under 30 in Law and Policy. She helped found the public policy team at CloudFlare, a website performance and security company, served as global and Federal privacy and security issue expert on Google\u2019s public policy team, and started her career working on government technology, privacy, and identity management at the public interest group Center for Democracy and Technology. She holds a B.A. in Computer Science and Cognitive Science from Wellesley College with concentrations in philosophy and legal studies, and is a Certified Information Privacy Professional (CIPP\/US). She is also recognized as a Christian Science Monitor Passcode Influencer.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/1086"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/users\/1273"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/comments?post=1086"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/1086\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/media?parent=1086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/categories?post=1086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/tags?post=1086"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/coauthors?post=1086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}