Episode 43 – Not all vulnerabilities are created equal with Tanya Janca

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.

But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!

Some links of interest:

• When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf
• Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty
• Cyber ladies:
  • Twitter: @Cyber_ladies
  • Meetup: https://www.meetup.com/find/events/?allMeetups=false&keywords=cyber+ladies&radius=Infinity
• Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer
• Recorded episodes: https://aka.ms/DevSlopShow
• Blog: https://medium.com/@shehackspurple
• Open bug bounty: https://www.openbugbounty.org
• Twitter: @shehackspurple
• Infosec Mastodon - https://infosec.exchange/auth/sign_up

Want to reach out to the show?  There's a few ways to get in touch!

• Purple Squad Security's Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• John's Mastodon: https://infosec.exchange/@JohnsNotHere
• Podcast Website: purplesquadsec.com
• Patreon - https://www.patreon.com/purplesquadsec
• Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com