She acknowledged that much of what hackers do is illegal, but said, "a lot of them want to do the right thing -- report a vulnerability and get it fixed. There needs to be a better way -- we shouldn't incentivize them to stay quiet, but to join the team of defenders."
Moussouris, who previously worked for Microsoft, cited that company's move about a decade ago to recruit hackers from Poland who called themselves LSD (Last Stage of Delirium) after they discovered a vulnerability that led to the release of the Blaster worm.
"That was a really progressive move on Microsoft's part," she said.