Doing bad things for the right reasons: Vulnerability Disclosure at Amazon and AWS
Cloud Village @ DEF CON 33 · Day 1 · Cloud Village
This comprehensive talk, "Doing bad things for the right reasons: Vulnerability Disclosure at Amazon and AWS," delves into the intricate world of vulnerability disclosure from both the vendor and researcher perspectives. Presented by a diverse panel of Amazon and AWS security experts, including Alvin Batakato, Casmir Scholes, Justin Knight, Wesley, and top researcher Jonathan Bowman, the session offers a unique 360-degree view of the processes, challenges, and best practices involved in securing large-scale cloud and consumer services. The speakers illuminate the critical collaboration required between security researchers and organizations to identify, report, and remediate vulnerabilities, ultimately protecting millions of customers.
AI review
A competent Cloud Village panel covering vulnerability disclosure from both sides of the fence — vendor program mechanics and researcher tradecraft — anchored by a reasonably interesting technical case study on the AWS Titan watermark system. Nothing here will make a seasoned researcher miss their flight, but it's honest, structured, and skips most of the vendor chest-thumping you'd expect from an Amazon-heavy lineup.