Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby

RSA Conference via YouTube

Overview

Explore the evolution and current state of coordinated vulnerability disclosure in this 52-minute RSA Conference talk. Delve into new research data highlighting the perspectives of both security researchers and organizations on vulnerability disclosure practices. Learn about clashes between researchers and companies, timeline issues, and changing sentiments in the field. Examine case studies of successful bug bounty programs, including those from Microsoft, Facebook, and the U.S. Department of Defense. Analyze survey results and gain insights into researchers' expectations, the impact of open source, and the phenomenon of "Bug Bounty Botox." Conclude with valuable recommendations for improving coordinated vulnerability disclosure processes. Prerequisite: Familiarity with vulnerability disclosure processes and policies.

Syllabus

Intro
The study
Disclosure without coordination
Timeline issue
Sentiment has changed
When CVD goes mainstream
Microsoft bug bounties
Facebook bug bounty
Hacking the Pentagon
What a Researchers Expect
Bug Bounty Botox
Open Source
Survey Results
Recommendations

Taught by

RSA Conference

Reviews

Start your review of Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.