What we’ve been doing

Chris

  • Vacation
  • Idea refinement & generation

John

  • Finding a job
  • Freelancing via Networking

Security in Open source

  • White Hat vs Black Hat
  • Accidental hackers
    • Stumbling upon a security issue because of another bug
  • It all comes down to one thing: Responsible Disclosure
    • Don’t
      • Don’t post publicly
      • Don’t report it via public Twitter
      • Don’t tell a bunch of friends
      • Don’t open a GitHub issue publicly
    • Do
      • Usually via an email address
      • Give examples and proof of concept
      • Be willing to work with the team
      • Ask even if you think it’s “dumb”
  • Places to provide disclosure
    • security@ email address
    • HackerOne
    • Contact Form
  • If it’s your project
    • Have a policy in place
      • How do you handle the commits
      • Do they get an issue
      • Do you log them for historical reference (privately)
      • Announcement schedule
      • How do you rate its seriousness?
    • Set up an email address (security@)
  • Examples
    • St Jude Pacemakers
    • WordPress 4.6.1
    • RevSlider
    • Undisclosed Company

How to know if your site is vulnerable?

Sucuri

https://wpvulndb.com/

Links to articles mentioned

Security Reading

Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

The Art of Deception: Controlling the Human Element of Security

The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers


Thanks for listening to episode 8 of the RFCPodcast. Be sure to subscribe at rfcpodcast.com/subscribe and leave us a review on iTunes; they really do help us out. If you have feedback or are interested in sponsoring an episode of the RFCPodcast, be sure to visit rfcpodcast.com/input.

RFC Podcast © 2015-2017