Screaming in the Cloud

Disclosing Vulnerabilities in the Cloud with Ryan Nolette


In this episode of "Screaming in the Cloud," we’re making sure things are nice and secure thanks to Ryan Nolette, Senior Security Engineer at AWS Outreach. As a part of the Outreach team, he’s responsible for making everyone understand the nuances of AWS's Vulnerability Disclosure Program. Corey and Ryan explore the intricacies of AWS's approach to security, including the emphasis on communication with researchers. You’ll also get an overview of what goes into Vulnerability Disclosure Programs and how it courts security researchers over “security researchers.” If there’s anything you can take away from this episode, it’s that Ryan takes great pride in AWS's commitment to transparency and collaboration when it comes to resolving potential security flaws.

Show Highlights

(0:00) Intro

(0:38) Backblaze sponsor read

(1:06) The role of AWS' security team outreach group

(2:21) The nuance of the Vulnerability Disclosure Program

(4:05) Will the VDP program replace human interactions

(10:08) Responsible disclosure vs. coordinated disclosure

(15:26) The high-quality communication of the AWS security team

(17:33) Gitpod sponsor read

(18:45) Security researchers vs. "security researchers"

(25:54) What's next for the VDP Program?

(29:26) Avoiding "security by obscurity"

(32:08) Being intentional with security messaging

(36:16) Where you can find more from Ryan

About Ryan Nolette

Ryan is AWS's Senior Security Engineer for the Outreach Team and co-author of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security.

Links

  • AWS VDP on HackerOne: hackerone.com/aws_vdp
  • AWS VDP inbox: [email protected]
  • LinkedIn: www.linkedin.com/in/cloudy-with-a-chance-of-security
  • AWS Vulnerability Reporting site: https://aws.amazon.com/security/vulnerability-reporting/
  • Give your feedback on the recently expanded VDP program: https://pulse.aws/survey/MOOFGRLM

Sponsors

Backblaze: https://www.backblaze.com/

Gitpod: gitpod.io

Screaming in the Cloud, by Corey Quinn
