How Open Source Projects Handle Bug Bounties

Lucas and Luna dive into the messy reality of bug bounty programs in open source. They explore the tension between well-funded programs at companies like Google and Microsoft and the unfunded, volunteer-driven projects that handle critical vulnerabilities with zero budget. Using the Linux kernel's patch-based model and the HackerOne platform as contrasting case studies, they unpack why bug bounties can create perverse incentives, how triage works without a full-time security team, and what happens when a researcher finds a flaw in a project that can't pay a cent. Specific examples include the 2021 PHP bug that paid out $10,000 and the Heartbleed vulnerability that had no bounty at all. They also touch on the growing role of VDPs (vulnerability disclosure programs) as a middle ground, and on why some maintainers argue that bounties actually make projects less safe by attracting the wrong kind of attention. A nuanced look at an often-glamorized corner of open source security.

#OpenSource #BugBounties #Security #VulnerabilityDisclosure #LinuxKernel #HackerOne #PHP #Heartbleed #VDP #CVEs #SecurityResearch #CommunityDriven #FexingoBusiness #BusinessPodcast #Technology #Cybersecurity #MaintainerBurnout #EthicalHacking

Keep every episode free: buymeacoffee.com/fexingo