Welcome to this week’s Quotes of the Week: a competition to camouflage bugs, why bug bounty programmes are important, the perils of switching to DevOps and more.
Underhanded C – The competition to camouflage bugs!
“How can you get two nations to jointly write a piece of software both people will trust to do something that is really trust critical: implementing the terms of the nuclear disarmament treaty”
Dr. Scott Craver, associate professor in the Department of Electrical Engineering at Binghamton University, explains the theme behind this year’s Underhanded C competition. The theme is based around writing code for a nuclear disarmament programme (exactly what happened after the SALT II negotiations between Russia and the U.S.A. in 1978). “Faking Fissile Material” will ask contestants to create the kind of worst-case scenario imaginary verification engineers fear. “Contestants will be given gamma ray spectrum readings to check whether or not they are sufficiently similar to the fissile material used for nuclear weapons. And their programs are meant to work, until the “host country” somehow triggers the program to return a match even when there isn’t one.” The Underhanded C competition asks participants to hide vulnerabilities in source code written in the programming language known as “C”. The aim of the competition is to demonstrate how easy it is to add security flaws to programmes. Read More here
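To make the verification task concrete, here is an added example (written for this digest, not code from the competition or from Dr. Craver) of the honest side of the problem: a small C checker that scores two gamma ray spectra for similarity and reports a match only above an explicit threshold. The bin count, the spectra and the threshold are constructed values; the squared cosine similarity is an assumed scoring choice, picked so the check needs no libm. The defensive point it illustrates is that every invalid input (empty, negative or NaN bins, all-zero spectra) fails closed to “no match”, which is exactly the kind of decision path a reviewer should trace line by line when looking for a hidden trigger.

```c
#include <stddef.h>
#include <stdio.h>

#define NBINS 8  /* constructed: number of energy bins per spectrum */

/* Constructed sample spectra (counts per energy bin). */
const double REF_SPECTRUM[NBINS]  = {1, 2, 8, 3, 1, 0, 0, 1};
/* Same shape as the reference, twice the acquisition time. */
const double GOOD_SAMPLE[NBINS]   = {2, 4, 16, 6, 2, 0, 0, 2};
/* Same bin values, but shifted in energy: a different material. */
const double BAD_SAMPLE[NBINS]    = {8, 3, 1, 0, 0, 1, 1, 2};
/* Malformed reading with a negative count. */
const double INVALID_SAMPLE[NBINS] = {1, 2, -8, 3, 1, 0, 0, 1};

/*
 * Squared cosine similarity between two non-negative spectra, in [0, 1].
 * Returns -1.0 for any invalid input so the caller cannot mistake an
 * error for a (partial) match.
 */
double spectrum_similarity_sq(const double *a, const double *b, size_t n)
{
    double dot = 0.0, na = 0.0, nb = 0.0;

    if (a == NULL || b == NULL || n == 0)
        return -1.0;

    for (size_t i = 0; i < n; i++) {
        /* x != x is true only for NaN; negative counts are physically impossible. */
        if (a[i] != a[i] || b[i] != b[i] || a[i] < 0.0 || b[i] < 0.0)
            return -1.0;
        dot += a[i] * b[i];
        na  += a[i] * a[i];
        nb  += b[i] * b[i];
    }

    /* An all-zero spectrum carries no information; refuse to score it. */
    if (na == 0.0 || nb == 0.0)
        return -1.0;

    return (dot * dot) / (na * nb);
}

/*
 * Returns 1 when the sample is at least `threshold` (a cosine similarity
 * in (0, 1]) similar to the reference, 0 otherwise. Invalid input and an
 * invalid threshold are never a match: the check fails closed.
 */
int is_match(const double *ref, const double *sample, size_t n, double threshold)
{
    double s = spectrum_similarity_sq(ref, sample, n);

    if (threshold <= 0.0 || threshold > 1.0)
        return 0;
    if (s < 0.0)
        return 0;
    /* Compare squared score against squared threshold (both non-negative). */
    return s >= threshold * threshold;
}

int main(void)
{
    const double threshold = 0.95;  /* constructed acceptance threshold */

    printf("good sample:    %s\n", is_match(REF_SPECTRUM, GOOD_SAMPLE, NBINS, threshold) ? "MATCH" : "no match");
    printf("bad sample:     %s\n", is_match(REF_SPECTRUM, BAD_SAMPLE, NBINS, threshold) ? "MATCH" : "no match");
    printf("invalid sample: %s\n", is_match(REF_SPECTRUM, INVALID_SAMPLE, NBINS, threshold) ? "MATCH" : "no match");
    return 0;
}
```

The scaled copy of the reference scores a similarity of exactly 1.0 and matches; the energy-shifted spectrum scores a squared similarity of 0.09 (cosine 0.3) and is rejected; the reading with a negative bin is rejected before any arithmetic happens. When reviewing a submission like this for a hidden trigger, the places to stare at are the early returns and the final comparison, since those are where a “match” can be manufactured without touching the arithmetic.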
BitTorrent Bug that could lead to cyber attacks
“Thankfully, no such attack has yet been observed in the wild, and Florian responsibly contacted us to share his findings”
A bug found by security researcher Florian Adamsky was recently fixed and disclosed by BitTorrent. The flaw would allow a single user to amplify a small string of data into a much larger flood of network traffic directed toward a single target. Such distributed reflective denial-of-service (DRDoS) attacks could be aimed at any site. Read More here
Why Bug Bounty Programmes Are Important
“The real value you get out of these programs is the root cause analysis of why a given bug was caused in the first place…you can’t just buy every vulnerability that is out there; you have to start making systematic changes to ensure that bugs don’t get introduced in the first place.”
Alex Rice, co-founder and CTO of HackerOne (a company that puts companies in touch with security researchers), has recently been talking about the importance of bug bounty programmes. In an interview with eWEEK, Alex expressed his belief that the programmes’ real benefit is that the company gets to examine the root cause of each security vulnerability. Read More here
How to Manage the Shift to DevOps
“Lack of experience and/or knowledge of what an effective “DevOps environment” looks like is probably the biggest problem we see. Even if you define clear goals and metrics, it’s pretty tricky to actually improve your process if nobody on the team has experience making such a transition.”
In an interview piece by Brian Taylor with Andrew Philips of XebiaLabs, Andrew discusses the common mistakes some teams and companies make when attempting to move to an Agile environment. Read More here
If you would like to contribute or come across any stories that are relevant to the Quotes of The Week, please post in the Forum here.