Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you’re on. For some, it’s a thing of pride, and hopefully a monetary reward! For others, it’s a punch-to-the-gut, fear-inducing, “Oh crap!” moment because someone has shown you a flaw you weren’t aware of.
But what if the disclosure isn’t actually a valid vulnerability? That’s the topic for this episode’s discussion, and thankfully I have someone who knows about exactly that! Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!
Some links of interest:
- When is a vulnerability not a vulnerability?: https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf
- Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty
- Cyber ladies:
- Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer
- Recorded episodes: https://aka.ms/DevSlopShow
- Blog: https://medium.com/@shehackspurple
- Open bug bounty: https://www.openbugbounty.org
- Infosec Mastodon – https://infosec.exchange/auth/sign_up
Want to reach out to the show? There are a few ways to get in touch!
- Purple Squad Security’s Twitter: @PurpleSquadSec
- John’s Twitter: @JohnsNotHere
- John’s Mastodon: https://infosec.exchange/@JohnsNotHere
- Podcast Website: purplesquadsec.com
- Patreon – https://www.patreon.com/purplesquadsec
- Sign-Up for our Slack community: https://signup.purplesquadsec.com
Thanks for listening, and as always, I will talk with you all again next time.