March 2nd, 2018 | Season 2 | 32 mins 58 secs
bug bounties, camunda, hackerone, iot, microservices, news, o'reilly software architecture conference, security, vulnerability disclosure
On this week's episode, TNS security correspondent Lucian Constantin joins us to talk about how companies can and should handle security reports. His latest story on this subject is based on a recent survey of 1,700 bug bounty participants on HackerOne. The survey revealed that one in four ethical hackers have had cases where they eventually gave up on reporting vulnerabilities because the affected vendors didn't respond to the issues. And this wasn't because of a lack of trying to contact those organizations. Constantin explained how your company sets up a good vulnerability reporting policy so you’ll learn about vulnerabilities from ethical hackers first, before customer data end up for sale on the underground market.