---
title: "Bugcrowd Bugs the Crowd"
id: "12686"
type: "podcast"
slug: "bugcrowd-bugs-the-crowd"
published_at: "2022-06-23T10:00:00+00:00"
modified_at: "2023-03-13T17:58:38+00:00"
url: "https://www.lastweekinaws.com/podcast/aws-morning-brief/bugcrowd-bugs-the-crowd/"
markdown_url: "https://www.lastweekinaws.com/podcast/aws-morning-brief/bugcrowd-bugs-the-crowd.md"
taxonomy_shows:
  - "Last Week In AWS"
---

About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

[https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305](https://podcasts.apple.com/us/podcast/aws-morning-brief/id1466344305)

[https://overcast.fm/itunes1466344305/aws-morning-brief](https://overcast.fm/itunes1466344305/aws-morning-brief)

[https://pca.st/AKs0](https://pca.st/AKs0)

[https://podcastaddict.com/podcast/2382583](https://podcastaddict.com/podcast/2382583)

[https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU](https://open.spotify.com/show/3A04JNrNAcZMvn8cvDWpWU)

[https://feeds.transistor.fm/aws-morning-brief](https://feeds.transistor.fm/aws-morning-brief)

## Episode Summary

Last week in security news: Travis CI continues to be a security nightmare, Bugcrowd basically embarrassed itself for all to see, and more!

## Episode Show Notes & Transcript

**Links:**

- Travis CI [continues to be a security nightmare](https://blog.aquasec.com/travis-ci-security) .
- [Implementing IAM Permission Boundaries with AWS SSO using Terraform](https://mckinnel.me/iam-permission-boundaries-with-aws-sso-using-terraform.html)
- A user reported a vulnerability to a company through Bugcrowd. The [writeup](https://soatok.blog/2022/06/14/when-soatok-used-bugcrowd/) is really worth reviewing.
- The RSA conference was apparently a [super spreader event](https://www.theregister.com/2022/06/16/rsa_covid_risk/?utm_source=twitter&utm_medium=twitter&utm_campaign=auto&utm_content=article) .
- Because nobody beats the Wiz, they've got a post up on the [secret agents installed by cloud service providers](https://www.wiz.io/blog/the-cloud-gray-zone-secret-agents-installed-by-cloud-service-providers/) .
- [Partitioning and Isolating Multi-Tenant SaaS Data with Amazon S3](https://aws.amazon.com/blogs/apn/partitioning-and-isolating-multi-tenant-saas-data-with-amazon-s3/)
- [Service Notice – Upcoming changes required for AWS Config | AWS Cloud Operations & Migrations Blog](https://aws.amazon.com/blogs/mt/service-notice-upcoming-changes-required-for-aws-config/)
- Here's a list of [best practices](https://github.com/hexops/dockerfile) for writing Docker images that don't make you regret running them in production environments.

 View Full Transcript  Hide Full Transcript

## You might also like

[More Podcast Episodes](https://www.lastweekinaws.com/podcast/aws-morning-brief/)