Jamie Slome

🎉👏 Congratulations to Jamie Slome of @Citi for winning the Most Active Individual Award at our Open Source in Finance Forum! hubs.ly/Q02DX3lS0 ➡️ Speak at OSFF NYC: hubs.ly/Q02DX0nS0 #opensource #fintech #OSinFinance #OSFF2024 #regtech #financialservices #finance

Last week @KatNovakovic and I represented @Citi at @openuk_uk State of Open Con '24. Elizabeth Lumley, Deputy Editor of @TheBanker (@FT), said "I'd never heard a case study from a bank presented with such clarity and transparency before". 🎥 Watch it now: youtube.com/watch?v=egm308…

@jh3yy @danielcroe @puruvjdev Confetti will also appear in the Open Graph image too 🎉 Just a bit of time for the cache to update 👍

@danielcroe @puruvjdev @JamieSlome Ya love to see it! 😍 Thought it was gonna be a quick `canvas-confetti` drop-in. This is colorful 🫶

Was hoping for confetti 🥲 page-speed.dev/jhey.dev

@JGamblin A new incentive to *not* look for vulnerabilities, I guess.

The House passed a defense spending bill saying you can't sell software to the DoD that has *any* known CVEs in it. congress.gov/bill/117th-con…

use after free in skipwhite in vim/vim huntr.dev/bounties/8628b…

@doublevkay @huntrdev Great work @doublevkay ♥️

I have submitted 18 reports, 9 validated, and 4 CVEs in a month. Just small things for the beginning, but yeah, glad that I end up at the #top2 leaderboard (30 days) on @huntrdev. Appreciate the #CodeQL help! Wish you all happy hacking!😁

Welcoming @getoutline to huntr.dev 🤝 With up to $2000 in rewards per vulnerability, and a super-responsive maintainer (@tommoor ♥️), this is a bug bounty programme you won't want to miss. Report now: huntr.dev/repos/outline/…

I have found a high severity vulnerability in @momentjs - one of the most depended-upon packages on @npmjs. The vulnerability has been found with CodeQL, reported on @huntrdev. It is also my first #CVE, first #bugbounty, and the first GHSA credit.😄 huntr.dev/bounties/f0952…

Earn bounties by Hacking with Rengine as well as Hacking Rengine. huntr.dev/bounties/8ea5d…

Learn about Unverified Password Changes and how you can snag quick vulnerabilities in web applications. Plus, see how you can go through the process of submitting your first bug on @huntrdev medium.themayor.tech/bug-bounty-tip…

@joehelle @huntrdev @FearlessSec Joe is 🔥

@FearlessSec It wouldn't be like this if I was sticking to the big bounty platforms. @huntrdev is really neat, and I honestly feel like I'm helping these project maintainers. A lot of these applications are managed by small teams, and helping them is pretty awesome.

Joe says he hates web app, but the amount of bug bounties and CVE’s he’s getting says otherwise. No, but for real, this is really rad, and I’m proud of you, buddy. Good stuff as always.

As usual, thanks to the @huntrdev and @JamieSlome for all the help during the whole process <3

Yes.

It’d be kind of cool if someone consolidated CVEs / writeups by the language used to write the software. Like on huntr.dev you can search for reports on repos that use c, python, golang etc. maybe this is already a thing and I don’t know?

@wdormann @huntrHacktivity @GreaterGoodest @huntrdev We have corrected the report to CWE-674 as requested by the researcher and updated the CVE as well 👍 Thanks for bringing this to our attention :)

Stack-based Buffer Overflow in github.com/vim/vim (CVE-2022-1771) reported by @GreaterGoodest - Patch: github.com/vim/vim/commit… huntr.dev/bounties/faa74… #bugbounty #infosec #opensource

When @drawio says security-first, they mean it. Read through one of our latest write-ups for an Arbitrary Code Execution Through Sanitizer Bypass, fixed by @davidjgraph: huntr.dev/bounties/033d3…

Very cool write-up on a prototype pollution bug @yu5k3 found and exploited to achieve remote code execution huntr.dev/bounties/ac24b…

Ooo 🤩

FacturaScripts 2022.06 disponible con correcciones y mejoras en la seguridad, gracias a huntr.dev facturascripts.com/publicaciones/…