Feds tackle open source code quality

Discussion in 'other security issues & news' started by ronjor, Mar 31, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,749
    Location:
    Texas
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Large "bug bounties" totally rev up the/my crowd. That specific crowd knows how to debug code. As long as the payments are in Bitcoin I could see a ton of participation. Most won't give up their anonymity for BTC unless you are talking about a few hundred of them!
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    This does sound good, but IMO people should consider where it's coming from. The US government has a record of shortsightedness, hypocrisy, and willful ignorance on such issues.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Sorry, but that's nonsense. Most people who care about furthering their career will show this stuff off, it's something to show on your CV with pride. This is evident when there's a Chrome update.

    You seem to be under the impression that there's something to hide, or that participation in bug bounty programs is somehow unethical and shameful, which is incorrect.

    Companies are hiring people with these skills, it is a brilliant way to get head hunted.
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592

    YOUR "take" perfectly describes a white hat coder, likely a hobbyist, who would be proud to display their identity. Maybe have "bragging rights" for a nice exploit discovered and to feel like some kind of team player. They are trying to climb a corporate ladder and make something of themselves. I'll grant you total accuracy with your post based upon addressing a white hat coder. Bug bounties are very legit and lots of corporations use them. They make perfect sense. My actual point was that some of the best hacking talent resides outside of your predication of being "white hat".

    Unfortunately, and in reality, there is an onion world with some of the best hackers out there. You won't discover them on clearnet. They may be here but you won't find them if you get my "drift". Those individuals would be hesitant to come out of the shadows for "fame" but they will gladly provide their significant talents for Bitcoins of substance. Selfishly they would be in it for the money almost exclusively. As an example go to the deep web and ask who is the best hacker. Any name that comes up won't be the right person. The best don't have a name that is known, and that is why they are the best.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Mmm, fair enough. Your original post seemed to imply that payments should only be in bitcoin, instead of having bitcoin as an additional option, which is what I'd agree with.

    Though I personally disagree that those wanting anonymity are the majority. I won't argue it since I can't prove it, just seems unlikely to me.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I agree with you -- those wanting anonymity are NOT in the majority. Most internet users don't even attempt anonymity by any measure at all. Ever tried to get your friends to use PGP or any other software designed for anonymity? It's hopeless and a waste of time on "real name" friends in my world. I gave up years ago.

    Also most coders/hackers going after bug bounties will not be in the majority where total anonymity is concerned. I also cannot prove my point but I firmly believe there are several great hackers that will do "the deed" for the right price and have NO interest in fame or notoriety. For them it's "show me the money" as sole inducement. I have conversed with a few pseudos on onion that are exceptional and gave me some great advice on personal projects. I am not in their league and don't claim to be. What I am is a person that loves to learn and that is about it for me. You have to hang out there for a while and help a few people out with simple things. If you are lucky you'll get invited into a hidden server and then the fun begins.
     