EP220 Big Rewards for Cloud Security: Exploring the Google VRP
Apr 21 2025
Length: 29 mins
Podcast

Failed to add items

Sorry, we are unable to add the item because your shopping cart is already at capacity.

Add to basket failed.

Please try again later

Add to Wish List failed.

Please try again later

Remove from Wish List failed.

Please try again later

Follow podcast failed

Unfollow podcast failed

EP220 Big Rewards for Cloud Security: Exploring the Google VRP

Listen for free

View show details

Summary
Guests:

Michael Cote, Cloud VRP Lead, Google Cloud
Aadarsh Karumathil, Security Engineer, Google Cloud

Topics:

Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure?
How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for?
What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI?
What are the most likely rejection reasons?
What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean?
In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this?
How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right?
What are the expected risk reduction benefits from Cloud VRP?

Resources:

Cloud VRP site
Cloud VPR launch blog
CVR: The Mines of Kakadûm
Show More Show Less

Show More Show Less

What listeners say about EP220 Big Rewards for Cloud Security: Exploring the Google VRP

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com.au reviews

Amazon Reviews

No Reviews are Available

Report a review on Amazon