
How to disclose a security vulnerability


It’s 10pm, do *you* know where your PGP private keys are? You may be thinking that you’re not a security professional; you won’t be the one to discover a security problem. Think again! You know what a security problem looks like: you’ve probably coded up a few yourself! Learn from your past mistakes – and mine – and prepare your software disaster kit. Hear my story about the security problem in an open source project that I found and reported, and along the way I’ll walk you through the things I wish I had known how to do before I got all worked up. We’ll go over the simplest way to encrypt your problem report using someone’s public key, how to generate a keypair for yourself so that the people you reported to can send a secure reply, and how to distribute your public key *now* so people can be sure of your identity. We’ll also discuss the many possible meanings of “responsible” in this situation, and look at some case studies of disclosures that did not go very smoothly for one or more of the users, the reporter, or the vendor. Studies show you’re 11.4 times more likely to need to report a security vulnerability than to fend off a zombie apocalypse: be ready.

CodeMash 2017

CodeMash is a unique event that will educate developers on current practices, methodologies, and technology trends in a variety of platforms and development languages such as Java, .NET, Ruby, Pyth...