Everything posted by Katie Moussouris
This is a 20-minute video covering the ISO standards for vulnerability disclosure (ISO 29147) & vulnerability handling processes (ISO 30111). They've been updated since the versions this video is based on. One is out already, the other forthcoming later this year. https://www.iso.org/standard/72311.html https://www.iso.org/standard/53231.html
Let's start with the light (dark?) side of vulnerability disclosure: The Pwnie Awards. 🦄 There's still time for a nomination for Lamest Vendor Response! Enter here: https://docs.google.com/forms/d/e/1FAIpQLSfZlVxAuoMaHgZVrzNWREccbqXrJcqIST_4Z2F12a3VbqfJhg/viewform
In a world where nobody writes perfect code or keeps up with applying patches for known vulnerabilities, there exist people who try to warn others. Sometimes lauded as heroes of the internet, other times treated like outlaws, this is a place to post the best & the worst of vulnerability disclosure related experiences. Whether you're a finder, coordinator, or receiving party to vuln disclosure, there is much to discuss in this often misunderstood space.