Episode 291

Episode 291 - Everyone sucks at vulnerability disclosure

Open Source Security · Open Source Security

October 4, 202135m 26s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Josh and Kurt talk about recent events around Apple and Microsoft disclosing security vulnerabilities. Microsoft usually does a good job, but Apple has a long history of not having a great bug bounty or vulnerability disclosure policy. None of this is simple, but hopefully you'll have some fun and learn a bit about the whole vulnerability disclosure process.

Show Notes

Apple 0days
Microsoft Exchange flaw
THIS IS HOW THEY TELL ME THE WORLD ENDS
Linux Foundation Vulnerability Disclosure
Timezone problem

← All episodes of Open Source Security