• EP220 Big Rewards for Cloud Security: Exploring the Google VRP

  • Apr 21 2025
  • Duración: 29 m
  • Podcast

EP220 Big Rewards for Cloud Security: Exploring the Google VRP

Escúchala gratis

Ver detalles del espectáculo

  • Resumen

  • Guests:

    • Michael Cote, Cloud VRP Lead, Google Cloud
    • Aadarsh Karumathil, Security Engineer, Google Cloud

    Topics:

    • Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure?
    • How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for?
    • What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI?
    • What are the most likely rejection reasons?
    • What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean?
    • In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this?
    • How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right?
    • What are the expected risk reduction benefits from Cloud VRP?

    Resources:

    • Cloud VRP site
    • Cloud VPR launch blog
    • CVR: The Mines of Kakadûm
    Más Menos
Más Menos
adbl_web_global_use_to_activate_webcro768_stickypopup

Lo que los oyentes dicen sobre EP220 Big Rewards for Cloud Security: Exploring the Google VRP

Calificaciones medias de los clientes

Reseñas - Selecciona las pestañas a continuación para cambiar el origen de las reseñas.

Reseñas de Audible.com

Opiniones de Amazon
No hay comentarios disponibles