Ever seen a security-related issue that you felt should be reported? Unsure how reporting a security issue differs from reporting a regular bug? Developers of any level should know how to report a vulnerability. In this talk, we will cover what CVEs are and some general vulnerability classifications, look at a few ways you can report security issues, and go over a few common mistakes.
Knowing how to report a vulnerability is just half the battle; you also need to keep your applications free of them. We will dig into the recent Log4Shell vulnerability and discuss lessons learned while scrambling to update versions. Finally, we will talk about how this scramble can be avoided by getting notifications when new security issues are announced, and how to keep your applications updated automatically.
This talk is geared toward non-security professionals.