Episode 11: CV$$, Web Cache Deception, and SSTI

Critical Thinking - Bug Bounty Podcast

CVSS and the Bug Bounty Reporting Process

I would love to see more standardization across the bug programs in general or the platforms in general. I think that there's a lot of room where they could be working together instead of competing and making things better for the whole community. There are some scenarios where it's like, all right, this attack is largely, let's say, an availability-based attack, right? We're DoSing an account or something like that. But it also leaks a little bit of information, right? And so there's definitely ways, you know, and that would give a bump on the CVSS score due to it affecting the confidentiality metric.
