During security testing of a third-party product you come across a new vulnerability. Now what?
In this talk, we will explore how to responsibly disclose new, unknown vulnerabilities (0-Days), how to properly score the criticality using the Common Vulnerability Scoring System (CVSS), and how to submit your bug to the Common Vulnerabilities and Exposures (CVE) database.
OSCP, CRTP, Pentest+, CISSP, CISA, CCSP, CRISC, GCP-CDL and CEH (Master) certified, bilingual (French and English), experienced IT security professional. In the last 4 years, he has performed over 150 penetration testing engagements on a wide range of targets such as network infrastructure, web applications, IoT devices, cloud infrastructure, etc. for clients such as provincial governments, national telcos, large municipalities, police departments, health care providers, and much more. He is the founder of the Atlantic Cybersecurity Collective (formerly OWASP Moncton) and has presented at various infosec events.