This Week in News: Vulnerability Disclosure, Software Architecture

Episode 17 · March 2nd, 2018 · 32 mins 58 secs

About this Episode

Hello, welcome to The New Stack Context, a podcast where we review the week’s hottest news in cloud-native technologies and at-scale application development, as well as look ahead to topics we expect will gain more attention in coming weeks.

On this week's episode, TNS security correspondent Lucian Constantin joins us to talk about how companies can and should handle security reports. His latest story on this subject is based on a recent survey of 1,700 bug bounty participants on HackerOne. The survey revealed that one in four ethical hackers have had cases where they eventually gave up on reporting vulnerabilities because the affected vendors didn't respond to the issues. And this wasn't because of a lack of trying to contact those organizations. Constantin explained how your company sets up a good vulnerability reporting policy so you’ll learn about vulnerabilities from ethical hackers first, before customer data end up for sale on the underground market.

Then, later in the episode, managing editor Joab Jackson talked about the O'Reilly Software Architecture conference he attended in New York this week. He heard a lot about event-driven microservices and got a preview of Camunda, a workflow engine for coordinating complex arrangements of microservices.

TNS Editorial Director Libby Clark hosted this episode, along with TNS Founder Alex Williams.

Episode Links