Friday, August 10, 2018

Advice from bug bounty hunters (read this, developers and architects)

Each bug needs to be a lesson where a security lead needs to ask: “Why is this bug here? How is it being used? How did we miss it earlier? What process problems need to be addressed so we could have found it earlier? Who had access to this code and reviewed it and why, for whatever reason, didn’t they report it?”



Message to Apple
“Undeniably these people have really strong engineering security skillsets. But, they don’t have an exploitation background… Their focus is on the design of the system and not on exploitation,” he said. “Please, we need to stop just spot-fixing bugs and learn from them, and act on that.”

https://threatpost.com/google-bug-hunter-urges-apple-to-change-its-ios-security-culture/134842/
