Cybersecurity Policy

U.S. policymakers, journalists, academics, and think tanks regularly seek our insight on the state of modern security and how to improve it. They come to us because we have spent the last decade applying a research mentality to real-world cybersecurity problems and the underlying computer science.

Our knowledge goes beyond the technical. Our cultivated contacts and context help us contribute to the formation of policies that advance the security and openness of the Internet. We believe our position as industry leaders obliges us to speak out on these issues, and to promote the proper collection and analysis of information that underpins good policy decisions.

We consult on many topics, including but not limited to:

• Encryption as used by market leaders like Apple
• Zerodays, exploit development, and vulnerability disclosure
• The Vulnerability Equity Process (VEP)
• Criminal use of malware and botnets
• Active defense and the Computer Fraud and Abuse Act
• Cybersecurity workforce development

We advocate for the industry, too. As one of the earliest members of the Coalition for Responsible Cybersecurity, we signed on to the first brief submitted to U.S. Department of Commerce to oppose harmful export control rules for cybersecurity products and services.

To support the next generation of security professionals, we engage with new and upcoming leaders by organizing and participating in student events and competitions.

Contact us for help.

Past Contributions

• Wagner, A., Cybersecurity Policy and Planning: Technologies for Keeping the Nation Safe, Center for Advanced Studies on Terrorism (CAST), 2019 June 5.
• Snyder, C., Too Connected to Fail, Belfer Center for Science and International Affairs, Harvard Kennedy School, 2017 May.
• Ablon, L. & Bogart, T., Zero Days, Thousands of Nights, RAND Corporation, 2017 March 9.
• Sulmeyer, M., DePetrillo, N., & McGregor, A., Privacy, Security, and Policy in the Wake of the Apple/FBI Debate, American Association for the Advancement of Science, 2017 February 18.
• Guido, D., The DBIR’s ‘Forest’ of Exploit Signatures, blog.trailofbits.com, 2016 May 5.
• Last Week Tonight with John Oliver, Encryption, HBO, 2016 March 13.
• Cyber Security Awareness Week, CSAW Policy Competition, NYU Tandon School of Engineering, 2015 November.
• Guido, D., Apple Can Comply with the FBI Court Order, blog.trailofbits.com, 2016 February 17.
• Coalition for Responsible Cybersecurity, Comment on Commerce Department Notice of Proposed Rulemaking, ResponsibleCybersecurity.org, 2015 July 27.
• Danzig, R., Surviving on a Diet of Poisoned Fruit, Center for a New American Security (CNAS), 2014 July 21.
• Guido, D., Vulnerability Discovery and Disclosure, NYU Law School, 2014 March 25.
• Ablon, L., Libicki, M. & Golay, A., Markets for Cybercrime Tools and Stolen Data, RAND Corporation, 2014 March 25.