Past research such as JNDI Injection, Unsafe deserialization, Struts RCEs - OSS security: CodeQL, Dependabot, collaboration between researchers and developers, OWASP Top Ten Proactive Controls, CVD for OSS
Segment Resources:
- [Write more secure code with the OWASP Top 10 Proactive Controls] https://github.blog/2021-12-06-write-more-secure-code-owasp-top-10-proactive-controls/
- [An analysis on developer-security researcher interactions in the vulnerability disclosure process] https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/
- [Building security researcher and developer collaboration] https://www.securitymagazine.com/articles/97066-how-to-build-security-researcher-and-software-developer-collaboration
- [Coordinated vulnerability disclosure (CVD) for open source projects] https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/
- [GitHub Advisory Database now open to community contributions] https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/
- [Blue-teaming for Exiv2: creating a security advisory process] https://github.blog/2021-11-02-blue-teaming-create-security-advisory-process/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw189