"This Needs to be Fixed" and Other Jokes in Commit Statements

Presented at DEF CON 18 (2010), July 31, 2010, noon (50 minutes)

Open source. These two words mean lots of things to lots of people. Some say, because it's open source it's more secure because you have complete transparency. Some say, because it's open source it's less secure because amateurs are writing the code. Well, one thing is true, with open source you have free reign to see the code and all the commentary left in there before it's compiled away. Ever wondered what was in those comments? Is there some lingering bug with a comment left behind to remind someone to go back in to fix it later? How many times did the developer leave a comment behind with the word 'bollocks' in it? These are the questions we set out to answer and this talk is about those answers and how we got them. During our talk we'll cover how we went about crawling the Internets for any and all public repositories, how we parsed the source code and commit statements in the repos we found, how we store the results, and of course the results. Some of what we find will be security specific.... much of what we find will just be comedy. We plan on releasing access to a web interface to perform your own queries against our results to see what interesting comments you can find in which repositories.

Presenters:

• Bruce Potter / @gdead - Founder, The Shmoo Group   as Bruce Potter
  Bruce Potter is the founder of the Shmoo Group of security, crypto, and privacy professionals. He is also the co-founder and CTO of Ponte Technologies, a company focused on developing and deploying advanced IT defensive technologies. His areas of expertise include wireless security, network analysis, trusted computing, pirate songs, reusing bios, and restoring hopeless vehicles. Mr. Potter has co-authored several books and writes monthly articles for "Network Security".
• Logan Lodge - The Shmoo Group
  Logan Lodge s a member of the Shmoo group and an avid Python developer. When he's not dominating in TF2, or blogging about the benefits of test driven development, he's likely on a golf course somewhere testing the limits of a golf ball's flight trajectory or attempting to drive a dispenser off of a boat to see if it's flight worthy.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Potter
• https://infocon.org/cons/DEF CON/DEF CON 18/DEF CON 18 video and slides/DEF CON 18 - Bruce Potter and Logan Lodge - This Needs to be Fixed - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=y5MZ2A0lMpw

Similar Presentations:

• 31C3 (2014) / The Invisible Committee Returns with "Fuck Off Google": Cybernetics, Anti-Terrorism, and the ongoing case against the Tarnac 10
• DEF CON 16 (2008) / Panel: Hacking in the Name of Science
• BruCON 0x09 (2017) / Open Source Security Orchestration