How to report a vulnerability: Responsible Disclosure for Developers

Presented at JCON EUROPE 2023

June 21, 2023 bdemers

Ever seen a security-related issue that you felt should be reported? Unsure of how reporting security issue is different than a regular bug? Developers of any level should know how to report a vulnerability.

In this talk, we will talk about what CVEs are, some general vulnerability classifications, look at a few common ways you can report security issues, as well as look at a few common mistakes.

This talk is geared toward non-security professionals.

Resources

The following resources were mentioned during the presentation or are useful additional information.

Vulnerability Scoring Calculator
ASF Project Security For Committers
OWASP: Vulnerability Disclosure Cheat Sheet
security.txt
GitHub Private vulnerability reporting (beta)
Build Speed Challenge (Free Swag)
The Developer Productivity Engineering (DPE) Handbook
Introduction to DPE (More Free Swag!)
Gradle is Hiring

Brian Demers

How to report a vulnerability: Responsible Disclosure for Developers

Resources

Brian Demers

Recent Posts

Use the Maven Wrapper to optimize your build workflow

Five ways to speed up your Maven builds

Maven Dependency Hell: Five Tips to Get Out

How to speed up Apache Maven Builds with a Build Cache

From Hour-Long Builds to Streamlined Productivity: The Spring Boot Journey

Categories

Home