YoVDO

Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby

Offered By: RSA Conference via YouTube

Tags

RSA Conference Courses Data Analysis Courses Bug Bounty Courses Security Research Courses Open Source Courses

Course Description

Overview

Explore the evolution and current state of coordinated vulnerability disclosure in this 52-minute RSA Conference talk. Delve into new research data highlighting the perspectives of both security researchers and organizations on vulnerability disclosure practices. Learn about clashes between researchers and companies, timeline issues, and changing sentiments in the field. Examine case studies of successful bug bounty programs, including those from Microsoft, Facebook, and the U.S. Department of Defense. Analyze survey results and gain insights into researchers' expectations, the impact of open source, and the phenomenon of "Bug Bounty Botox." Conclude with valuable recommendations for improving coordinated vulnerability disclosure processes. Prerequisite: Familiarity with vulnerability disclosure processes and policies.

Syllabus

Intro
The study
Disclosure without coordination
Timeline issue
Sentiment has changed
When CVD goes mainstream
Microsoft bug bounties
Facebook bug bounty
Hacking the Pentagon
What a Researchers Expect
Bug Bounty Botox
Open Source
Survey Results
Recommendations


Taught by

RSA Conference

Related Courses

Social Network Analysis
University of Michigan via Coursera
Intro to Algorithms
Udacity
Data Analysis
Johns Hopkins University via Coursera
Computing for Data Analysis
Johns Hopkins University via Coursera
Health in Numbers: Quantitative Methods in Clinical & Public Health Research
Harvard University via edX