Carlo Di Dato
I'm an Italian bug hunter, currently working as a penetration tester and vulnerability researcher for Advantio Ltd.
I love to break things and find bugs. I'm not old, I'm vintage :-)
Talks
Responsible disclosure: it's not all about the money.
Starting from an introduction to the "Responsible Disclosure" model, we will look at this process in detail, pointing out the differences from the "Full Disclosure" model, bug bounty programs and the black market.
Lastly, three CVEs will be publicly disclosed and presented to the audience, to show a real case of the responsible disclosure model in practice.
This is the detailed agenda of the talk:
1 - Intro -> total 5 minutes, divided into:
Who am I? -> 1 minute
Introduction to responsible disclosure -> 4 minutes
2 - Responsible disclosure in detail and differences from full disclosure, bug bounty programs and the black market -> total 10 minutes
3 - Real case: how to report vulnerabilities to a non-cooperative vendor, gaining the glory and avoiding jail. Analysis of 3 CVEs -> total 10 minutes
4 - Q&A -> 5 minutes