Artwork

Content provided by MLSecOps.com. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MLSecOps.com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

ReDoS Vulnerability Reports: Security Relevance vs. Noisy Nuisance

35:30
 
Share
 

Manage episode 403902513 series 3461851
Content provided by MLSecOps.com. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MLSecOps.com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

In this episode, we delve into a hot topic in the bug bounty world: ReDoS (Regular Expression Denial of Service) reports. Inspired by reports submitted by the huntr AI/ML bug bounty community and an insightful blog piece by open source expert, William Woodruff (Engineering Director, Trail of Bits), this conversation explores:

  • Are any ReDoS vulnerabilities worth fixing?
  • Triaging and the impact of ReDoS reports on software maintainers.
  • The challenges of addressing ReDoS vulnerabilities amidst developer fatigue and resource constraints.
  • Analyzing the evolving trends and incentives shaping the rise of ReDoS reports in bug bounty programs, and their implications for severity assessment.
  • Can LLMs be used to help with code analysis?

Tune in as we dissect the dynamics of ReDoS, offering insights into its implications for the bug hunting community and the evolving landscape of security for AI/ML.

Thanks for listening! Find more episodes and transcripts at https://bit.ly/MLSecOpsPodcast.
Additional tools and resources to check out:
Protect AI Radar: End-to-End AI Risk Management
Protect AI’s ML Security-Focused Open Source Tools
LLM Guard - The Security Toolkit for LLM Interactions
Huntr - The World's First AI/Machine Learning Bug Bounty Platform

  continue reading

32 episodes

Artwork
iconShare
 
Manage episode 403902513 series 3461851
Content provided by MLSecOps.com. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MLSecOps.com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

In this episode, we delve into a hot topic in the bug bounty world: ReDoS (Regular Expression Denial of Service) reports. Inspired by reports submitted by the huntr AI/ML bug bounty community and an insightful blog piece by open source expert, William Woodruff (Engineering Director, Trail of Bits), this conversation explores:

  • Are any ReDoS vulnerabilities worth fixing?
  • Triaging and the impact of ReDoS reports on software maintainers.
  • The challenges of addressing ReDoS vulnerabilities amidst developer fatigue and resource constraints.
  • Analyzing the evolving trends and incentives shaping the rise of ReDoS reports in bug bounty programs, and their implications for severity assessment.
  • Can LLMs be used to help with code analysis?

Tune in as we dissect the dynamics of ReDoS, offering insights into its implications for the bug hunting community and the evolving landscape of security for AI/ML.

Thanks for listening! Find more episodes and transcripts at https://bit.ly/MLSecOpsPodcast.
Additional tools and resources to check out:
Protect AI Radar: End-to-End AI Risk Management
Protect AI’s ML Security-Focused Open Source Tools
LLM Guard - The Security Toolkit for LLM Interactions
Huntr - The World's First AI/Machine Learning Bug Bounty Platform

  continue reading

32 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide