<description>&lt;p dir="ltr"&gt;Guests:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/sivaneshashok/?originalSubdomain=in"&gt;Sivanesh Ashok&lt;/a&gt;, bug bounty hunter&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Sreeram KL, bug bounty hunter&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;We hear from the Cloud VRP team that you write excellent bugbounty reports - is there any advice you'd give to other researchers when they write reports?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;You are one of Cloud VRP's top researchers and won the MVH (most valuable hacker) award at their event in June - what do you think makes you so successful at finding issues? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What is a Bugswat?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What do you find most enjoyable and least enjoyable about the VRP?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What is the single best piece of advice you'd give an aspiring cloud bug hunter today?&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;&lt;strong&gt; &lt;/strong&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep220-big-rewards-for-cloud-security-exploring-the-google-vrp/"&gt; EP220 Big Rewards for Cloud Security: Exploring the Google VRP&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://bughunters.google.com/about/rules/google-friends/4849867320328192/cloud-vulnerability-reward-program-rules"&gt; Cloud Vulnerability Reward Program Rules&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://bughunters.google.com/blog/5364401980899328/hardening-google-cloud-insights-from-the-latest-cloud-vrp-bugswat"&gt; Insights from BugSWAT&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.google.com/blog/products/identity-security/google-cloud-launches-new-vulnerability-rewards-program"&gt; Google Cloud's Vulnerability Reward Program&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.criticalthinkingpodcast.io/"&gt;Critical Thinking Podcast&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;/p&gt;</description>

Cloud Security Podcast by Google

Anton Chuvakin

EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion

NOV 24, 202528 MIN
Cloud Security Podcast by Google

EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion

NOV 24, 202528 MIN

Description

Guests:

Topics:

  • We hear from the Cloud VRP team that you write excellent bugbounty reports - is there any advice you'd give to other researchers when they write reports?
  • You are one of Cloud VRP's top researchers and won the MVH (most valuable hacker) award at their event in June - what do you think makes you so successful at finding issues?
  • What is a Bugswat?
  • What do you find most enjoyable and least enjoyable about the VRP?
  • What is the single best piece of advice you'd give an aspiring cloud bug hunter today?

Resources: