From Security Weekly Wiki
- Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards. However, the reward program's architect thinks the money could be better spent.
- In-band key negotiation issue in AWS S3 Crypto SDK for golang is one interesting result of crypto research that led to Updates to the Amazon S3 Encryption Client.
- The Devil’s in the Dependency returns to the state of software security to highlight the relation between programming language and dependency flaws, with additional discussion on the consideration of update chains.
- You Have No Idea Who Sent That Email, probably because you haven't reviewed the edge cases and ambiguity of email protocols. It's a lesson that holds for HTTP, web, and mobile apps as well.
- ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, which shows how the subtleties of encryption and mismatches in implementation combine to make systems vulnerable.
- Hardware Security Is Hard: How Hardware Boundaries Define Platform Security reminds us that mismatches in implementations don't just happen in email protocols, and that supply chain security has long-lasting implications in hardware.
- How to make your security team more business savvy, because dealing with flaws in dependencies, protocols, and hardware isn't done in a void that ignores the products that teams are building and the engineering choices they have to make.