Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.

But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!

Some links of interest:

When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf

Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty

Cyber ladies:

Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer

Recorded episodes: https://aka.ms/DevSlopShow

Blog: https://medium.com/@shehackspurple

Open bug bounty: https://www.openbugbounty.org

Twitter: @shehackspurple

Infosec Mastodon - https://infosec.exchange/auth/sign_up

Want to reach out to the show?  There's a few ways to get in touch!

Purple Squad Security's Twitter: @PurpleSquadSec

John's Twitter: @JohnsNotHere

John's Mastodon: https://infosec.exchange/@JohnsNotHere

Podcast Website: purplesquadsec.com

Patreon - https://www.patreon.com/purplesquadsec

Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com