Doing Bad Things for the Right Reasons - A Look at the AWS Vulnerability Disclosure and Remediation Process
fwd:cloudsec via YouTube
Overview
Explore the intricacies of cloud security vulnerability disclosure in this 30-minute conference talk delivered by AWS Senior Security Engineer Ryan Nolette at fwd:cloudsec Europe 2024. Gain valuable insights into the methodologies security researchers employ when approaching cloud services, understand the fundamentals of Coordinated Vulnerability Disclosure (CVD), and learn about critical concepts like embargo periods and public disclosure protocols. Discover the AWS workflow for handling security findings through real-world examples, and understand the proper channels for reporting vulnerabilities. Drawing from nearly two decades of information security experience, including roles in threat research, incident response consulting, and security operations, Nolette shares expert knowledge on responsible security research practices in cloud environments. Access comprehensive presentation slides to supplement the learning experience and understand how to contribute to maintaining robust cloud infrastructure security.
Syllabus
Doing bad things for the right reasons: A look at the AWS vulnerability disclosure[…] ~ Ryan Nolette
Taught by
fwd:cloudsec