This episode features an interview with Mårten Mickos, the CEO of HackerOne. HackerOne administers bug bounty and vulnerability disclosure programs for a host of private companies as well as DOD’s “Hack the Pentagon” program. He explains how such programs work, how companies and agencies typically get started (with “vulnerability disclosure” programs), the legal and other assurances that companies need to provide to ensure participation, and the role that bounty administration firms play – from hacker reputation management to providing a kind of midnight basketball tournament for otherwise at-risk fourteen-year-old boys. (And they are boys, at least 98% of them, an issue we also explore.) Along the way, there’s even unexpected praise for the Justice Department’s Computer Crime Section, which has produced a valuable framework for vulnerability disclosure programs.