
Content provided by Corey Quinn. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Corey Quinn or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ar.player.fm/legal.

Disclosing Vulnerabilities in the Cloud with Ryan Nolette

39:42
 

In this episode of "Screaming in the Cloud," we’re making sure things are nice and secure thanks to Ryan Nolette, Senior Security Engineer at AWS Outreach. As a part of the Outreach team, he’s responsible for making everyone understand the nuances of AWS's Vulnerability Disclosure Program. Corey and Ryan explore the intricacies of AWS's approach to security, including the emphasis on communication with researchers. You’ll also get an overview of what goes into Vulnerability Disclosure Programs and how it courts security researchers over “security researchers.” If there’s anything you can take away from this episode, it’s that Ryan takes great pride in AWS's commitment to transparency and collaboration when it comes to resolving potential security flaws.

Show Highlights

(0:00) Intro

(0:38) Backblaze sponsor read

(1:06) The role of AWS' security team outreach group

(2:21) The nuance of the Vulnerability Disclosure Program

(4:05) Will the VDP program replace human interactions

(10:08) Response disclosure vs. coordinated disclosure

(15:26) The high-quality communication of the AWS security team

(17:33) Gitpod sponsor read

(18:45) Security researchers vs. "security researchers"

(25:54) What's next for the VDP Program?

(29:26) Avoiding "security by obscurity"

(32:08) Being intentional with security messaging

(36:16) Where you can find more from Ryan

About Ryan Nolette

Ryan is AWS's Senior Security Engineer for the Outreach Team and co-author of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security.

Links

Sponsors

Backblaze: https://www.backblaze.com/

Gitpod: gitpod.io
