Stitcher for Podcasts

Episode Info

What we've been doing
  Chris
    Vacation
    Idea refinement & generation
  John
    Finding a job
    Freelancing via networking

Security in open source
  White hat vs. black hat
  Accidental hackers
    Stumbling upon a security issue because of another bug
  It all comes down to one thing: responsible disclosure

Don't
  Don't post publicly
  Don't disclose via public Twitter
  Don't tell a bunch of friends
  Don't open a GitHub issue publicly

Do
  Usually via an email address
  Give examples and a proof of concept
  Be willing to work with the team
  Ask even if you think it's "dumb"

Places to provide disclosure
  security@ email address
  HackerOne
  Contact form

If it's your project
  Have a policy in place
    How do you handle the commits?
    Do they get an issue?
    Do you log them for historical reference (privately)?
    Announcement schedule
    How do you rate its seriousness?
  Set up an email address (security@)

Examples
  St. Jude pacemakers
  WordPress 4.6.1
  RevSlider
  Undisclosed company

How to know if your site is vulnerable?
  Sucuri

Links to articles mentioned
  WordPress docs on "Responsible Disclosure"
  OWASP Rating Methods
  MedSec Holdings & Muddy Waters: St. Jude pacemakers
  WordPress 4.6.1 Security Advisory