EP220 Big Rewards for Cloud Security: Exploring the Google VRP
Échec de l'ajout au panier.
Veuillez réessayer plus tard
Échec de l'ajout à la liste d'envies.
Veuillez réessayer plus tard
Échec de la suppression de la liste d’envies.
Veuillez réessayer plus tard
Échec du suivi du balado
Ne plus suivre le balado a échoué
EP220 Big Rewards for Cloud Security: Exploring the Google VRP
-
Narrateur(s):
-
Auteur(s):
À propos de cet audio
Guests:
- Michael Cote, Cloud VRP Lead, Google Cloud
- Aadarsh Karumathil, Security Engineer, Google Cloud
Topics:
- Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure?
- How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for?
- What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI?
- What are the most likely rejection reasons?
- What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean?
- In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this?
- How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right?
- What are the expected risk reduction benefits from Cloud VRP?
Resources:
- Cloud VRP site
- Cloud VPR launch blog
- CVR: The Mines of Kakadûm
Ce que les auditeurs disent de EP220 Big Rewards for Cloud Security: Exploring the Google VRP
Moyenne des évaluations de clientsÉvaluations – Cliquez sur les onglets pour changer la source des évaluations.
Il n'y a pas encore de critiques pour ce titre.