FLOSSHack for Organizers

From OWASP
Revision as of 16:26, 7 November 2012 by TimMorgan (Talk | contribs)


FLOSSHack is designed as an event and competition that brings together aspiring "breakers" and open source projects that could use a hand in securing their software.


Selecting a Target

An ideal target application for a FLOSSHack event has the following properties:

  • Open source -- It is critical for newbies to have the source code available while trying to learn about flaws
  • Is a "worthy" project -- Preferably a project that wouldn't otherwise be able to afford a security audit
  • Is currently maintained -- It is of little benefit to a project to find vulnerabilities that no one will fix
  • Has a cooperative maintainer -- Support from a software maintainer in running the event can really help things run smoothly
  • Is an "up and coming" project -- A relatively new project with a quickly growing user base; its code is more likely to be immature, and securing it will benefit the most people

It may be difficult to satisfy all of these properties, but hopefully this provides some guidance.


Overview of Event

Preparation