citymeetings.nyc

Your guide to NYC's public proceedings.

QUESTION

How can security researchers submit vulnerabilities they discover?

1:14:53

·

44 sec

The chief information security officer explains that security researchers can submit potential vulnerabilities through an online public-facing portal.

Researchers engage directly with the team through the portal to analyze if the submission is a valid vulnerability
There is typically back-and-forth between the team and researcher to correctly identify the tactics used to exploit the potential vulnerability
The team then determines if the submission proves to be a valid vulnerability that needs to be addressed

Jennifer Gutiérrez

1:14:53

Can you share how security researchers are able to submit vulnerabilities?

Kelly Moan

1:15:00

Yeah, so it's soon as a researcher identifies what they believe is a vulnerability that could be exploited.

1:15:06

They're able to submit through our online portal.

1:15:08

And again, this is public facing portal, the details of that submission and engage directly with the team to analyze whether or not it is valid.

1:15:19

So for example, it's very routine for there might be some back and forth between the team through the intake method to ask some follow-up questions to make sure that we are able to correctly identify the means or the tactics being used to exploit to then prove out if it's a valid vulnerability.

← Previous Chapter

What are the details of New York City's first vulnerability disclosure program?

Next Chapter →

What are the ways individuals can access the online portal?

Is citymeetings.nyc useful to you?

I'm thrilled!

Please help me out by answering just one question.

What do you do?

Thank you!

Want to stay up to date? Sign up for the newsletter.