This talk is about how I got 50 CVEs in a week. I used to play bug bounties and other security penetration testing challenges. After a realization, I started contributing to the Open Source community, found several critical bugs, and got proper satisfaction from the work. Then I met like-minded people and started bug hunting with Code Vigilant (http://codevigilant.com), a Project for Securing Open Source Software.
9. Realization
● It's enough
● I'm wasting 2 hours every day
● Luck is the best kick
● Started as a noob and got some experience with app security
● Increased my network of friends
12. After some days...
● I am not the only person thinking this; found something similar
13. What is Code Vigilant
● A community collaboration effort to make open source software secure.
● Finding bugs and responsibly disclosing them to the respective author and, preferably, getting the software updated.
● Responsible disclosure on the website after a sufficient interval.
15. Target an Ecosystem
● We picked the WordPress ecosystem, which meant
– WordPress Plugins (current focus)
– WordPress Themes (current focus)
– WordPress Core (future check)
● Pick an ecosystem which you think is near and dear to you, and a language which you can easily understand.
16. Why
● 60 million websites worldwide
● Current stable release 4.0
22. Expectation
We are seeking more volunteers to come forward and help us make open source software a more secure platform.
23. For 'U'
● Appeal to use the Code Vigilant platform
● You find flaws
– Either join our team and contribute continuously
• You get an author's page at codevigilant
• If you get any bounty for the bug, you keep it.
– Or send details as one-off cases of findings
● We will coordinate with the third party
● We will try to get it patched, or removed from the internet if not patched.
● We will publish an advisory on the website with your name and the coordinator's name in the advisory.
24. For 'U'
● If you want an open source product tested, contact us and we will see what we can do about it.
● If you want quick tests, you can think about donating to the project.