You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _posts/2024-03-15-password-reset-vulnerability.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ Have you ever thrown actual spaghetti at a wall? It’s funny, sticky and barely
9
9
10
10
Running a bug bounty program means a stream of incoming reports, not all of them correct, that must be reviewed. After receiving enough dire-sounding reports that ultimately lead nowhere, it can look like thrown spaghetti (a see-what-sticks approach). Though we try to give each report a thorough, unbiased evaluation, it’s difficult to keep an open mind about any given report.
11
11
12
-
Dead-end reports cost the RubyGems security team time, and slow down our ability to address more urgent security issues. I once spent days working on a vulnerability and the result was “clicking that checkbox in BurpSuite invalidates this approach.”
12
+
Dead-end reports cost the RubyGems security team time, and slow down our ability to address more urgent security issues. I once spent days working on a vulnerability and the result was: _clicking that checkbox in BurpSuite invalidates this approach._
13
13
14
14
But sometimes a hacker finds a very real security issue. This is a story about a recent bug report that I almost closed, assuming it was another false alarm, and how I realized I was wrong.
0 commit comments