EP220 Big Rewards for Cloud Security: Exploring the Google VRP
カートのアイテムが多すぎます
ご購入は五十タイトルがカートに入っている場合のみです。
カートに追加できませんでした。
しばらく経ってから再度お試しください。
ウィッシュリストに追加できませんでした。
しばらく経ってから再度お試しください。
ほしい物リストの削除に失敗しました。
しばらく経ってから再度お試しください。
ポッドキャストのフォローに失敗しました
ポッドキャストのフォロー解除に失敗しました
EP220 Big Rewards for Cloud Security: Exploring the Google VRP
-
ナレーター:
-
著者:
このコンテンツについて
Guests:
- Michael Cote, Cloud VRP Lead, Google Cloud
- Aadarsh Karumathil, Security Engineer, Google Cloud
Topics:
- Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure?
- How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for?
- What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI?
- What are the most likely rejection reasons?
- What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean?
- In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this?
- How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right?
- What are the expected risk reduction benefits from Cloud VRP?
Resources:
- Cloud VRP site
- Cloud VPR launch blog
- CVR: The Mines of Kakadûm