Hey! I found a vulnerability – now what?

Presented at DerbyCon 8.0 Evolution (2018), Oct. 5, 2018, 5 p.m. (25 minutes).

You found a vulnerability in a product and decide to responsibly disclose the issue. Thank you! This should be an easy task to do - right, but what are the steps? This talk will cover what to consider in submitting a vulnerability report and how to submit a good vulnerability report. We will discuss why you should submit a report and will cover the pros and cons of supplying a disclosure date and what Coordinated Vulnerability Disclosure really means. You will also get a behind the scenes insight into what really goes on after the issue was disclosed. We will also touch on scenarios such as what if the issue affects more than one company, and who can help if you don’t feel like reporting the issue directly to a company. The talk will also cover some tips and choices you have for after the issue is disclosed/ addressed. The ups and downs of your end goal – are you there to help protect yourself and other consumers, protect the company, or go for fame – or can you do it all?


Presenters:

Links:

Similar Presentations: