Public Safety committee  With the DOD we had to pass additional requirements. The hackers had to pass additional vetting requirements from the Department of Defense. The Canadian government can do what the U.S. government did, which is making the Hack the Pentagon series of programs very, very public. It

Public Safety committee  There is a concern, and I think that the United States as well as the U.K. have adapted standards in the area of IoT, like a list. The U.K. has a standard of 10 things that it recommends in the IoT area, and vulnerability disclosure policies are number two. In the U.S., the FTC,

Public Safety committee  Just to add some additional data points, we did a study of our own hacking community. One in four hackers have at one time found a vulnerability but not reported it because the company didn't have a channel to disclose it. To Jobert's point, there are definitely many people out t

Public Safety committee  I'd like to jump in. I think that fundamental to this discussion is privacy. When I read about that situation.... Privacy, in our opinion, is a fundamental right, and your data is a fundamental right. A company should be strongly encouraged to protect one's right. In that case,

Public Safety committee  That's a great question. In the U.S., there is the Computer Fraud and Abuse Act, passed in the 1980s, that says something to the effect that you can't hack and enter into a company's digital assets in an unauthorized manner. It has not been updated since. I believe Canada has a v

Public Safety committee  Members of the House of Commons Standing Committee on Public Safety and National Security, thank you for inviting us to speak today. I look forward to providing you with our perspective on cybersecurity and bug bounty programs. I am vice-president of business development and pol