Explore vulnerability disclosure policies and responsible hacking practices in this 27-minute conference talk from BSides Cleveland 2021. Delve into topics such as work injuries, admin user vulnerabilities, and Dave Kennedy's experiences. Learn about proof of concept, job titles, certifications, and timelines in the security field. Examine various vulnerability types, massive failures, and time-to-fix considerations. Discuss legal aspects, chat apps, and government involvement in cybersecurity. Gain insights into digital services agencies, Pentagon initiatives, and additional resources. Cover bug bounty programs, vulnerability disclosure policies (VDP), and proper contact information for ethical hacking. Benefit from real-world examples and expert advice on navigating the complex landscape of responsible vulnerability disclosure.
Overview
Syllabus
Intro
Work Injury
Burpee Admin User
Dave Kennedy Story
Proof of Concept
Job Titles
Certifications
Timeline
Question
Vulnerability Types
Another Massive Failure
Time to Fix
Legal
Chat Apps
Government Stuff
Digital Services Agency
Pentagon
More Resources
Teachers Pet
Bug Bounty
VDP
Contact Info
Conclusion
Related Courses
-
An Invitation to Hack - Benefits and Risks of Vulnerability Disclosure Programs
-
Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby
-
Green Sprouts - Encouraging Signs of Life from the Department of Defense's Security Strategy - Lisa Wiswell - USENIX Enigma Conference - 2017
-
An Oral History of Bug Bounty Programs
-
Bug Bounty Conspiracy and 50 Shades of Gray Hat - Who Owns the Vulnerability?
-
Fixing the Internet's Auto-Immune Problem - Bilateral Safe Harbor for Good-Faith Hackers
