OWASP Kyiv Spring 2021 ONLINE Meetup

Responsible disclosure: it's not all about the money.
2021-04-24, 12:30–13:00, ZOOM

Starting from an introduction to "Responsible Disclosure" model, we will see this process in detail, pointing out the differences with "Full Disclosure" model, bug bounty programs and black market.
Lastly, three CVEs will be publicly disclosed and presented to the audience, in order to show a real case about the responsible disclosure model.
This is the detailed agenda of the talk:

1 - Intro -> total 5 minutes, divided in:
Who am I? -> 1 minute
Introduction to responsible disclosure -> 4 minutes

2 - Responsible disclosure in detail and differences with full disclosure, bug bounty programs and black marcket -> total 10 minutes

3 - Real case: how to report vulnerabilities to a non-cooperative vendor, gaining the glory and avoiding to be jailed. Analysis of 3 CVEs -> total 10 minutes

4 - Q&A -> 5 minutes