If you find a new bug, there is a big debate about what you should do. Should you disclose it responsibly? Tell it to the whole world?

Responsible disclosure, full disclosure, partial disclosure?

I believe in the responsible disclosure model, where you tell the party about the bug and give them time to fix it before you disclose it to the world.

I select speakers that I think are ethical and create contests that are legal and hope people will follow the lead.

You have federal agents coming in to give their own talks.

Since the very first Defcon. Well, we had a state prosecutor come in and talk.

In the audience was someone who was being prosecuted by her. We've tried to have different viewpoints.

So it’s almost like a neutral ground?

That’s what I've created it to be. Originally, there was no Internet or Amazon.com.

If you wanted information, you had to get it from the horse’s mouth.

It was about getting the experts in the room to dispel myths that came from word of mouth.

I knew federal agents would show up. I invited the FBI, Secret Service and others to come from the very beginning.

Everyone thought I was absolutely insane because nobody had done that. I called the Secret Service about it.

They said, “We are aware of your activities.”

They haven’t arrested anyone here?

The FBI arrested one speaker, Dmitri Sklyarov, in his hotel room after Defcon in 2001.

That was because the Russian company Dmitri worked for was in a dispute with Adobe.

Dmitri was kind of a hostage because they couldn’t go after the company in Russia.

There are a lot of controversies every year.

The Massachusetts Bay Transit Authority sued to stop three of your speakers from proceeding with a talk. How do you deal with that every year?