“Bug Hunting in Open Source Software” presented at BSidesPerth 2018

by Silvio Cesare

Summary: In 2002 I performed a code review of the open source operating system kernels. In total, I found more than a hundred security vulnerabilities. Fast forward to the present day in 2018. For most of the year, I’ve been performing code review against a variety of open source targets including kernel code and userland applications. As such, I’ve found vulnerabilities in userland Linux and the Linux, FreeBSD, and NetBSD kernels. I’ve even been streaming some of the code review sessions on Twitch and YouTube. Moreover, I’ve been holding public code review sessions at InfoSect, my Canberra-based hackerspace, generally finding security vulnerabilities in every session. This presentation looks at some of those vulnerabilities and the response by vendors.