Episode Info:

What we’ve been doing
  - Chris
      - Vacation
      - Idea refinement & generation
  - John
      - Finding a job
      - Freelancing via networking

Security in open source
  - White hat vs black hat
  - Accidental hackers
      - Stumbling upon a security issue because of another bug
  - It all comes down to one thing: responsible disclosure

Don’t
  - Post it publicly
  - Report it via public Twitter
  - Tell a bunch of friends
  - Open a GitHub issue publicly

Do
  - Report it privately, usually via an email address
  - Give examples and a proof of concept
  - Be willing to work with the team
  - Ask even if you think it’s “dumb”

Places to provide disclosure
  - security@ email address
  - HackerOne
  - Contact form

If it’s your project
  - Have a policy in place
      - How do you handle the commits?
      - Do they get an issue?
      - Do you log them for historical reference (privately)?
      - Announcement schedule
      - How do you rate its seriousness?
  - Set up an email address (security@)

Examples
  - St. Jude pacemakers
  - WordPress 4.6.1
  - RevSlider
  - Undisclosed company

How to know if your site is vulnerable?
  - Sucuri
  - https://wpvulndb.com/

Links to articles mentioned
  - WordPress docs on ‘Responsible Disclosure’ – https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/
  - OWASP Rating Methods – https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology#Step_4:_Determining_the_Severity_of_the_Risk
  - MedSec Holdings & Muddy Waters, St. Jude pacemakers – http://fortune.com/2016/08/31/hacking-st-jude-pacemakers-flawed/
  - WordPress 4.6.1 Security Advisory –