The New Stack Context

Episode 17: This Week in News: Vulnerability Disclosure, Software Architecture

March 2nd, 2018  •  32 mins 58 secs

On this week's episode, TNS security correspondent Lucian Constantin joins us to talk about how companies can and should handle security reports. His latest story on this subject is based on a recent survey of 1,700 bug bounty participants on HackerOne. The survey revealed that one in four ethical hackers have had cases where they eventually gave up on reporting vulnerabilities because the affected vendors didn't respond to the issues. And this wasn't for lack of trying to contact those organizations. Constantin explained how your company can set up a good vulnerability reporting policy so that you learn about vulnerabilities from ethical hackers first, before customer data ends up for sale on the underground market.