I do security research and bug bounties on the side sometimes and had read/write access to a couple of large open source projects in the past, incl. being able to impersonate employees from well known companies that work on open source stuff.

The most common issue was access tokens found in public places.

Would be interesting to know what happens when code is updated - which I obviously wouldn't do. Wonder how long it would take until caught.

Since open source projects probably don't do "red teaming" (to use a fancy buzzword) I wonder how they could practice this?
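The comment's main finding is leaked access tokens sitting in public places (commits, gists, CI logs). The following is an added example, not the commenter's code, showing the defensive counterpart: a small secret scanner that a project can run as a pre-commit hook or CI step before anything reaches a public repository. It combines known token prefixes (the `ghp_` GitHub personal access token prefix, the `AKIA` AWS access key id prefix, the `sk_live_` Stripe prefix) with a Shannon-entropy heuristic for generic `key=`/`secret=` assignments. The sample lines, the specific token values and the entropy threshold of 4.0 bits per character are constructed for this example and are not real credentials or a vendor's recommended setting.

```python
import math
import re
from collections import Counter

# Constructed sample lines, as they might appear in a committed config file or CI log.
# None of these values is a real credential.
SAMPLE_LINES = [
    'GITHUB_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"',   # known prefix
    "export AWS_SECRET_ACCESS_KEY=Q7pZ2kLmN9xV4bTcR8wYs3HgJ1dFeA6uK0oPiXnB",  # no prefix, high entropy
    "stripe_key = 'sk_live_A1b2C3d4E5f6G7h8I9j0K1l2M3'",          # known prefix
    "password = 'hunter2'",                                      # too short to judge by entropy
    'api_key = "REPLACE_ME_WITH_YOUR_API_KEY_HERE"',             # placeholder, low entropy
    "version = '1.2.3'",                                         # no secret-like keyword
    "print('hello world')",
]

# Token formats with a recognisable prefix; matched first because they are unambiguous.
PREFIX_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe_live_key": re.compile(r"\bsk_live_[A-Za-z0-9]{24,}\b"),
}

# Generic "<secret-like name> = <value>" assignment; the value is judged by length and entropy.
ASSIGNMENT = re.compile(
    r"(?i)(token|secret|api[_-]?key|password|key)\s*[:=]\s*['\"]?([^'\"\s]+)"
)
MIN_LENGTH = 20          # shorter values give too little signal for an entropy test
ENTROPY_THRESHOLD = 4.0  # bits per character; chosen for this example, tune on your own corpus


def shannon_entropy(s):
    """Bits of entropy per character of s; 0.0 for a single repeated character."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Never echo a suspected secret in full: keep a short prefix and the length."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_line(line):
    """Return a list of (kind, raw_value) findings for one line."""
    findings = []
    for kind, pattern in PREFIX_PATTERNS.items():
        for match in pattern.finditer(line):
            findings.append((kind, match.group(0)))
    if findings:
        return findings
    match = ASSIGNMENT.search(line)
    if match:
        value = match.group(2)
        if len(value) >= MIN_LENGTH and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy_secret", value))
    return findings


def scan_lines(lines):
    """Scan an iterable of lines; return (line_number, kind, redacted_value) tuples."""
    results = []
    for lineno, line in enumerate(lines, 1):
        for kind, value in scan_line(line):
            results.append((lineno, kind, redact(value)))
    return results


if __name__ == "__main__":
    for lineno, kind, shown in scan_lines(SAMPLE_LINES):
        print(f"line {lineno}: {kind}: {shown}")
```

Run on the constructed sample, lines 1 to 3 are reported and the short password, the placeholder and the version string are not. The placeholder case is the reason for the entropy threshold: a regex on the word `key` alone would flag every config template, and a scanner that cries wolf gets disabled. Wire `scan_lines` over `git diff --cached` output in a pre-commit hook, or over the checkout in CI, and fail the run when it returns anything.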