The article I’m reading tonight is by a bunch of Pennsylvania State University students or graduates. I must get into this because the “psu.edu” in the credits of the article reminded me of Portland State University. I am from Portland and I am convinced that the most creative minds are bred in PDX. It’s the weirdest fashion sense that is so original and involved a lot of Black clothes and Olive Green styles…do you know what I’m getting at? Portland is killing the game as far as fashion and also, the most “feminist” t-shirts are designed there I believe.  I have been across this bridge several times…to get to the Water Park in Washington state…2744

…or to get to Long Beach, Washington, etc.

Lately I’ve been wearing my new bottle of perfume, but it’s the same scent I wore as a teenager, from the store GAP. . .of course this time I had to special order it online since it’s over a decade later and most U.S. Gap stores don’t carry it.  They are still making it somewhere, hopefully at some magical perfumery…I can’t imagine, but it smells dreamy. Anyway, my point is, the scent brings back so many memories of growing up in Hillsboro, a city just outside of Portland, and so I miss there so bad lately that it literally stings my soul–you know how certain scents trigger memories with precision. This is how I wish to explain it! It is known as “odor-evoked autobiographical memory”. Mine are odor-cued vivid memories of my wild child days at Sauvie’s Island in Oregon, and riding the train when I was supposed to be safe&sound at home playing my violin…Good memories for sure.

With that said, let’s see what they’ve been up to in Pennsylvania;

Here is the article title: “An Empirical Study of Web Vulnerability Discovery
Ecosystems” by,
Mingyi Zhao
Pennsylvania State University
muz127@ist.psu.edu

Jens Grossklags
Pennsylvania State University
jensg@ist.psu.edu
Peng Liu
Pennsylvania State University
pliu@ist.psu.edu

  • Wooyun
  • Security paradigms (a workshop)
  • Python scripts (to extend their research)
  • HackerOne (started in 2013) trajectory
  • invitation-only programs
  • Only  a small fraction of vulnerability reports are publicly disclosed.
  • Whoever can explain to me what an SQL injection is in detail, I will buy you a Coke (that’s right I’m not a health-nut–I drink coke, I drink whatever  I want to drink and sometimes I have one vodka in both hands blah blah blah CLICHE). I’ll buy you a Trader Joe’s fruit roll up (i just learned of these majicals) I just made up the word “majicals”

What else can I mention to you all about this article? So much more, here we go:

  • The white hat communities must supply the vulnerability reports in order for the WEB VULNERABILITY DISCOVERY ECOSYSTEM to even be “a thing”

The question we may ask Dr. Spoletini;  “Is the discovery ecosystem eventually going to be an open-source thing?” or we can ask each other this question, we can bounce around opinions about many things in this article, and we can form creative branches off of these researchers’ work.

  • Public bounty programs
  • Is this pdf saying that there are websites that are more popular to target? So if we already know the popular websites for hacking by criminals (yea I said it: criminalz) then is their almost-proprietary “web vulnerability ecosystem” even a good, original creation?!

…or is it to measure the skills and success of White Hats (companies that are like computer police). Strategy diversification is what…nevermind.

IN CONCLUSION, if we can learn more about or turn this is into an actual work or job title, “Vulnerability Report ANALYZER” paying an upper-middle-class salary, then software engineers can better prevent or better spot vulnerabilities in their open-source code or their privately marketed software…remember I said I will treat my future software like it’s my baby…

some errors are dangerous, especially if your software holds client/customer personal identifying information, it can leak…by criminalz hands….remember I told you!!!!

Like if you have a string in Linux written in a certain place, such as at the end, maybe that makes for an easy situation for the criminalz (hackers, etc) trying to guess the address!! They can calculate easily when there are vulnerabilities in your code.

Goodnight,

And Jessica I’m gonna go ahead and say thanks for reading (My girl LIT!) because you always do…

And Paola, you are free to make jokes from this post, and I look forward to dissecting this pdf further as we eat PIZZA. P.S. Who has had Pizzaiolo Pasta? It’s my favorite thing to cook and is Italian, even though I am Irish…my home is Jewish and Italian as far as cookbooks and entrees, and even the doormat says Ciao! I have a bottle of water from Italy against the tile kitchen wall just as DECOR…hmmm…also Nate is half Italian but he is still silent…his way of breaking up was to be silent….but are you really broken up if neither person spoke those words? We never had a disagreement. I call him “my sweetMan” like Camel case!!! How cute right?! or Pascal case…if you are a CS guy or girl. I am moving on from Nate (eventually), but not moving on from school–education is for life–no one can take that away from us.

 

 

 

 

 

Advertisements