The Songs of InfoSec

Adversity can inspire creativity. It can also inspire insanity. Somewhere in between, we sing of the world electric. Data flows, laws are created and bypassed, privacy is threatened, Bad Guys drink their Red Bull, and the lowly information security professionals of the world stand a vigilant watch. Infosec workers huddle together against the storm, the small campfire of hope burning by our feet. On the coldest nights, stories are told, songs are sung, and coffee is consumed.

Wednesday, May 7, 2014

SPC 2014 - Bounty

Charlie Miller got me thinking about software bug bounty programs. Are they good? Are they bad? Hard to say.

Bounty

I found myself a little bug.
It's in your favorite app.
It makes me feel a little smug.
It'll put me on the map.

I spent a year on Mountain Dew
While plowing through some code.
I fuzzed and fuzzed, just like you do
To find a weakly node.

So after months of grinding hard,
I thought I would cash in.
I finally played my final card
The money filled my bin.

For months I longed to hear the tale
Of how the app was lacking.
But the buyer seemed to cop a fail
and others started hacking.

It was my bug that broke the app,
But someone else had found it.
They used it like a leaky tap
To hack some more, confound it!

If I had let more people know,
They may have fixed it early.
Instead I chose to make some dough,
And now I'm feeling surly.

Yes, I spent a lot of time
And did a lot of work.
But did I help commit a crime
By acting like a merc?

The Songs of InfoSec

Wednesday, May 7, 2014

SPC 2014 - Bounty

Bounty

No comments:

Post a Comment