Explore the world of CodeQL and its impact on bug bounties and open-source security in this informative roundtable discussion featuring @JLLeitschuh. Gain insights into how CodeQL can be leveraged to uncover vulnerabilities, earn bounties, and enhance the security of open-source software. Learn about the importance of HTTPS, vulnerability locations, and effective remediation strategies. Discover the role of LGTM, GitHub notifications, and bounty programs in the process. Delve into future plans for CodeQL implementation and examine the Nettie vulnerability case study. Engage with a Q&A session at the end to further expand your understanding of this powerful security tool.
CodeQL Roundtable: Leveraging Static Analysis for Bug Bounties
Overview
Syllabus
Intro
Title
Why is HTTPS important
Location of vulnerability
Who was vulnerable
How to fix it
Enter CodeQL
LGTM
How I did it
GitHub notifications
GitHub bounty
Slide deck
Future plans
Nettie vulnerability
Taught by
Bugcrowd
