When is a vulnerability not a vulnerability?

SheHacksPurple
Sep 5, 2018 · 5 min read

Recently, I was discussing the types of submissions that are often declined by bug bounty programs with Tomer Schwartz, who works as part of the Microsoft Security Response Center (MSRC). Unfortunately, sometimes he is the person who has to do the declining. He said, “Sometimes a vulnerability just isn’t a vulnerability”. You might think this sounds wrong, but let’s talk about what he meant.

The OWASP Top Ten is often quoted by those who make bug submissions, as though OWASP are the authority on all things web application security. While I do agree that…


Written by SheHacksPurple: Tanya Janca’s Application Security Adventures

Microsoft Azure
