Episode 43 – Not all vulnerabilities are created equal with Tanya Janca

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.

But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!

Some links of interest:

• When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf

• Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty

• Cyber ladies:

  • Twitter: @Cyber_ladies
  • Meetup: https://www.meetup.com/find/events/?allMeetups=false&keywords=cyber+ladies&radius=Infinity

• Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer

• Recorded episodes: https://aka.ms/DevSlopShow

• Blog: https://medium.com/@shehackspurple

• Open bug bounty: https://www.openbugbounty.org

• Twitter: @shehackspurple

• Infosec Mastodon - https://infosec.exchange/auth/sign_up

Want to reach out to the show?  There's a few ways to get in touch!

• Purple Squad Security's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• John's Mastodon: https://infosec.exchange/@JohnsNotHere

• Podcast Website: purplesquadsec.com

• Patreon - https://www.patreon.com/purplesquadsec

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com