Episode 43 – Not all vulnerabilities are created equal with Tanya Janca
Tanya Janca joins me to talk about vulnerabilities, and how not all of them are created equal.
Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on. For some, it's a thing of pride, and hopefully a monetary reward! For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.
But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that! Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!
Some links of interest:
- When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf
- Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty
- Cyber ladies:
- Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer
- Recorded episodes: https://aka.ms/DevSlopShow
- Blog: https://medium.com/@shehackspurple
- Open bug bounty: https://www.openbugbounty.org
- Twitter: @shehackspurple
- Infosec Mastodon - https://infosec.exchange/auth/sign_up
Want to reach out to the show? There's a few ways to get in touch!
- Purple Squad Security's Twitter: @PurpleSquadSec
- John's Twitter: @JohnsNotHere
- John's Mastodon: https://infosec.exchange/@JohnsNotHere
- Podcast Website: purplesquadsec.com
- Patreon - https://www.patreon.com/purplesquadsec
- Sign-Up for our Slack community: https://signup.purplesquadsec.com
Thanks for listening, and as always, I will talk with you all again next time.
Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security
Find out more at http://purplesquadsec.com