Summary: Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you’re on. For some, it’s a thing of pride, and hopefully a monetary reward! For others, it’s a punch to the gut, fear inducing, “Oh crap!” moment because someone has shown you a flaw you weren’t aware of. But what if the disclosure isn’t actually a valid vulnerability? That’s the topic for this episode discussion, and thankfully I have someone who knows about exactly that! Tanya Janca joins me to discuss when a vulnerability is not a vulnerability! Some links of interest: When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty Cyber ladies: Twitter: @Cyber_ladies Meetup: https://www.meetup.com/find/events/?allMeetups=false&keywords=cyber+ladies&radius=Infinity Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer Recorded episodes: https://aka.ms/DevSlopShow Blog: https://medium.com/@shehackspurple Open bug bounty: https://www.openbugbounty.org Twitter: @shehackspurple Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show? There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.
