https://wiki.owasp.org/index.php?action=history&feed=atom&title=FLOSSHack_for_Software_MaintainersFLOSSHack for Software Maintainers - Revision history2026-04-30T08:39:24ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=FLOSSHack_for_Software_Maintainers&diff=139028&oldid=prevTimMorgan at 21:14, 7 November 20122012-11-07T21:14:44Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 21:14, 7 November 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l13" >Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>## Their opinion on the best version of software to test against (latest release version vs. source code repository version, etc)</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>## Their opinion on the best version of software to test against (latest release version vs. source code repository version, etc)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>## Instructions on the typical deployment/installation configuration (or better yet, provide organizers with a pre-installed virtual machine!)</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>## Instructions on the typical deployment/installation configuration (or better yet, provide organizers with a pre-installed virtual machine!)</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>## An overview of the <del class="diffchange diffchange-inline">applications </del>authorization model: what roles exist and ''who'' should be allowed to do ''what''</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>## An overview of the <ins class="diffchange diffchange-inline">application's </ins>authorization model: what roles exist and ''who'' should be allowed to do ''what''</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>## Any information on what attack scenarios are most likely against the software</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>## Any information on what attack scenarios are most likely against the software</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># FLOSSHack organizers schedule the workshop event, publish details</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># FLOSSHack organizers schedule the workshop event, publish details</div></td></tr>
</table>TimMorganhttps://wiki.owasp.org/index.php?title=FLOSSHack_for_Software_Maintainers&diff=131507&oldid=prevTimMorgan: Created page with "== FLOSSHack for Software Maintainers == If your software project been selected for a FLOSSHack event, then '''congratulations'''! This means that we're interested in br..."2012-06-16T16:41:29Z<p>Created page with "== FLOSSHack for Software Maintainers == If your software project been selected for a <a href="/index.php/FLOSSHack" title="FLOSSHack">FLOSSHack</a> event, then '''congratulations'''! This means that we're interested in br..."</p>
<p><b>New page</b></p><div>== FLOSSHack for Software Maintainers ==<br />
<br />
If your software project been selected for a [[FLOSSHack]] event, then '''congratulations'''! This means that we're interested in breaking your code, in a good way. <br />
<br />
FLOSSHack events are designed to accomplish two primary goals:<br />
* Help those who want to learn more about security auditing of software<br />
* Improve the security posture of a worthy software project (like yours) at low or no cost<br />
<br />
For the event to be the most successful, we encourage close collaboration with software maintainers. While we could operate completely autonomously (relying solely on software and documentation that software maintainers have already published), we think an ''ideal'' FLOSSHack event would go something like this:<br />
<br />
# FLOSSHack "target" software selected<br />
# Software maintainers contacted and provide FLOSSHack organizers with:<br />
## Their opinion on the best version of software to test against (latest release version vs. source code repository version, etc)<br />
## Instructions on the typical deployment/installation configuration (or better yet, provide organizers with a pre-installed virtual machine!)<br />
## An overview of the applications authorization model: what roles exist and ''who'' should be allowed to do ''what''<br />
## Any information on what attack scenarios are most likely against the software<br />
# FLOSSHack organizers schedule the workshop event, publish details<br />
# About one week before the workshop date, participants begin auditing the software based on details provided by maintainers<br />
# On the day of the workshop:<br />
## Participants gather face-to-face and remotely for an intensive hack session<br />
## Friendly competition on who can find the "most" or "best" bugs is encouraged<br />
## Software maintainers are encouraged to send a representative or join remotely. This can be very helpful for participants as questions about the software's intended use cases arise.<br />
## At the end of the hack session, awards may be given to the most successful participants, based on number or types of vulnerabilities found. (Software maintainers are welcome to provide small prizes to be given away as awards. Small incentives can go a long way!)<br />
# FLOSSHack organizers gather up all of the vulnerabilities and other security-related flaws found by participants and are provided to the software maintainer through a [http://en.wikipedia.org/wiki/Responsible_disclosure responsible disclosure] process:<br />
## In most cases, CVE identifiers will be assigned to the vulnerabilities found<br />
## After the flaws have been corrected in the source code, software maintainers release patches and/or new versions of the software to help secure their userbase. At that time, the original FLOSSHack participants who found the flaws ''should be credited with the finding, unless they choose to remain anonymous''. A simple credit is all that is necessary, such as "Thanks to Jane Participant for bringing CVE-XXXX-XXXX to our attention."<br />
## After all flaws have been corrected, a listing of the flaws found will be posted to the FLOSSHack event page</div>TimMorgan