Last February, a security researcher claimed he had the ability upload non-media files to YouTube, and he reported this as a major vulnerability hoping that Google would pay him for the discovery. Google, in response, said the discovery was simply a non-security bug.
What exactly is security research anyway?
Listen to episode 130 of our Security Slice podcast and hear Craig Young and Tyler Reguly discuss the difference between finding a bug and finding a vulnerability, and why security research should amount to more than a catchy headline, and why we should consider global governance might be the answer to the gray areas in security research.
Click Here to Listen to the Podcast
- Security Slice: Metadata Revelations
- Security Slice: The Five Senses of Breach Detection
- Security Slice: Plugging HTTPS Leakage
- Security Slice: World War XP
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock