Third-party risk, DevOps, Bug bounties, Threat modeling, Security Research

China’s Top Hacking Contest, GitHub Actions, & Vulnonym – ASW #129

November 9, 2020

China’s top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff! Visit for all the latest episodes!

Full Episode Show Notes

China's Top Hacking Contest, GitHub Actions, & Vulnonym



[caption id="attachment_210" align="alignleft" width="120"]John Kinsella John Kinsella - Vice President of Container Security[/caption] [caption id="attachment_210" align="alignleft" width="120"]Matt Alderman Matt Alderman - CEO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Mike Shema Mike Shema - Product Security Lead[/caption]


  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit:

  • In our upcoming webcasts & technical trainings, you will learn why you should stop trying to discover & classify data, how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit to see what we have coming up, or visit to view our previously recorded webcasts!

[audio src=""]
prestitial ad