snyk.io
Open in
urlscan Pro
2a02:26f0:df:6a3::ecd
Public Scan
Submitted URL: https://sl.snyk.io/t/100975/c/c417f99d-e2cc-4fd6-8d92-b9722567620a/NB2HI4DTHIXS643OPFVS42LPF5SXMZLOORZS65DIMUWWE2LH...
Effective URL: https://snyk.io/events/the-big-fix/
Submission: On February 27 via manual from US — Scanned from DE
Effective URL: https://snyk.io/events/the-big-fix/
Submission: On February 27 via manual from US — Scanned from DE
Form analysis 6 forms found in the DOM
<form id="" data-formid="1461" data-skip="true" style="display: none; font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); width: 1px;" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutLeft">
<style type="text/css">
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton {
color: #fff;
border: 1px solid #75ae4c;
padding: 0.4em 1em;
font-size: 1em;
background-color: #99c47c;
background-image: -webkit-gradient(linear, left top, left bottom, from(#99c47c), to(#75ae4c));
background-image: -webkit-linear-gradient(top, #99c47c, #75ae4c);
background-image: -moz-linear-gradient(top, #99c47c, #75ae4c);
background-image: linear-gradient(to bottom, #99c47c, #75ae4c);
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:hover {
border: 1px solid #447f19;
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:focus {
outline: none;
border: 1px solid #447f19;
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:active {
background-color: #75ae4c;
background-image: -webkit-gradient(linear, left top, left bottom, from(#75ae4c), to(#99c47c));
background-image: -webkit-linear-gradient(top, #75ae4c, #99c47c);
background-image: -moz-linear-gradient(top, #75ae4c, #99c47c);
background-image: linear-gradient(to bottom, #75ae4c, #99c47c);
}
</style>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoSimple" style="margin-left: 120px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1461"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="677-THP-415"><input type="hidden" name="last_form_fill_url" class="mktoField mktoFieldDescriptor" value="https://snyk.io/events/the-big-fix/"><input
type="hidden" name="last_form_fill_referrer" class="mktoField mktoFieldDescriptor" value="">
</form><form class="mktoForm fs-mask mktoHasWidth mktoLayoutAbove" data-formid="1177" data-analytics="{"category":"","label":"","event":""}" data-skip="" data-test-form=""
data-redirect="https://go.snyk.io/the-big-fix-event-dwn-typ.html" data-parent="" data-block-marketo="1" id="" novalidate="novalidate" style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); width: 1601px;">
<style type="text/css">
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton {
color: #fff;
border: 1px solid #75ae4c;
padding: 0.4em 1em;
font-size: 1em;
background-color: #99c47c;
background-image: -webkit-gradient(linear, left top, left bottom, from(#99c47c), to(#75ae4c));
background-image: -webkit-linear-gradient(top, #99c47c, #75ae4c);
background-image: -moz-linear-gradient(top, #99c47c, #75ae4c);
background-image: linear-gradient(to bottom, #99c47c, #75ae4c);
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:hover {
border: 1px solid #447f19;
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:focus {
outline: none;
border: 1px solid #447f19;
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:active {
background-color: #75ae4c;
background-image: -webkit-gradient(linear, left top, left bottom, from(#75ae4c), to(#99c47c));
background-image: -webkit-linear-gradient(top, #75ae4c, #99c47c);
background-image: -moz-linear-gradient(top, #75ae4c, #99c47c);
background-image: linear-gradient(to bottom, #75ae4c, #99c47c);
}
</style>
<div class="mktoFormRow">
<fieldset class="mktoFormCol" style="padding-right: 10px; margin-bottom: 10px;">
<legend></legend>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoOffset" style="width: 10px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="FirstName_16775214526170.21778993693781667_16775214526180.5287207092604769_16775214526430.4253355099239722" id="LblFirstName" class="mktoLabel mktoHasWidth" style="width: 116px;">
<div class="mktoAsterix">*</div>
</label>
<div class="mktoGutter mktoHasWidth" style="width: 10px;"></div><input id="FirstName_16775214526170.21778993693781667_16775214526180.5287207092604769_16775214526430.4253355099239722" name="FirstName" placeholder="First Name *"
maxlength="255" aria-labelledby="LblFirstName InstructFirstName" type="text" class="mktoField mktoTextField mktoHasWidth mktoRequired" aria-required="true" style="width: 152px;"><span id="InstructFirstName" tabindex="-1"
class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoOffset" style="width: 10px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="LastName_16775214526170.21778993693781667_16775214526180.5287207092604769_16775214526430.4253355099239722" id="LblLastName" class="mktoLabel mktoHasWidth" style="width: 100px;">
<div class="mktoAsterix">*</div>
</label>
<div class="mktoGutter mktoHasWidth" style="width: 10px;"></div><input id="LastName_16775214526170.21778993693781667_16775214526180.5287207092604769_16775214526430.4253355099239722" name="LastName" placeholder="Last Name *"
maxlength="255" aria-labelledby="LblLastName InstructLastName" type="text" class="mktoField mktoTextField mktoHasWidth mktoRequired" aria-required="true" style="width: 150px;"><span id="InstructLastName" tabindex="-1"
class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
</fieldset>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderTitle"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoOffset" style="width: 10px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="Email_16775214526170.21778993693781667_16775214526180.5287207092604769_16775214526430.4253355099239722" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 100px;">
<div class="mktoAsterix">*</div>
</label>
<div class="mktoGutter mktoHasWidth" style="width: 10px;"></div><input id="Email_16775214526170.21778993693781667_16775214526180.5287207092604769_16775214526430.4253355099239722" name="Email" placeholder="Email *" maxlength="255"
aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired" aria-required="true" style="width: 150px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderCompany"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderCountry"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderHtmlText_2020-12-09T15 314Z"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="utm_campaign__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="utm_source__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="utm_medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="utm_content__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="utm_term__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="pdf_option" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="last_form_fill_url" class="mktoField mktoFieldDescriptor mktoFormCol" value="https://snyk.io/events/the-big-fix/" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoFormCol" style="margin-bottom: 10px;">
<div class="mktoOffset mktoHasWidth" style="width: 10px;"></div>
<div class="mktoFieldWrap">
<div class="mktoHtmlText mktoHasWidth" style="width: 405px;">By filling this form I confirm that I have read and accepted the terms and conditions of the Big Fix competition, and I acknowledge that my username will be used to display my
ranking on the leader board, that my email will be used for the purposes of administering the competition, all in accordance with the terms of the <a href="https://snyk.io/policies/privacy/" target="_blank" id="">Snyk Privacy Policy</a>.
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" style="width: 0px;"><input type="hidden" name="utmprogram" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderSubscribed__c"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoSimple" style="margin-left: 120px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1177"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="677-THP-415"><input type="hidden" name="last_form_fill_referrer" class="mktoField mktoFieldDescriptor" value=""><input type="hidden"
name="last_form_fill_referrer" class="mktoField mktoFieldDescriptor" value="">
</form><form data-formid="1461" data-skip="true" style="display: none; font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"
novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutLeft"></form><form id="mktoForm_1461" style="display: none; font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); width: 1px;" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutLeft">
<style type="text/css">
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton {
color: #fff;
border: 1px solid #75ae4c;
padding: 0.4em 1em;
font-size: 1em;
background-color: #99c47c;
background-image: -webkit-gradient(linear, left top, left bottom, from(#99c47c), to(#75ae4c));
background-image: -webkit-linear-gradient(top, #99c47c, #75ae4c);
background-image: -moz-linear-gradient(top, #99c47c, #75ae4c);
background-image: linear-gradient(to bottom, #99c47c, #75ae4c);
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:hover {
border: 1px solid #447f19;
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:focus {
outline: none;
border: 1px solid #447f19;
}
.mktoForm .mktoButtonWrap.mktoSimple .mktoButton:active {
background-color: #75ae4c;
background-image: -webkit-gradient(linear, left top, left bottom, from(#75ae4c), to(#99c47c));
background-image: -webkit-linear-gradient(top, #75ae4c, #99c47c);
background-image: -moz-linear-gradient(top, #75ae4c, #99c47c);
background-image: linear-gradient(to bottom, #75ae4c, #99c47c);
}
</style>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoSimple" style="margin-left: 120px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1461"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="677-THP-415"><input type="hidden" name="last_form_fill_url" class="mktoField mktoFieldDescriptor" value="https://snyk.io/events/the-big-fix/"><input
type="hidden" name="last_form_fill_referrer" class="mktoField mktoFieldDescriptor" value="">
</form><form style="display: none; font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;" novalidate="novalidate"
class="mktoForm mktoHasWidth mktoLayoutLeft"></form><form class="mktoForm fs-mask mktoHasWidth mktoLayoutAbove" data-formid="1177" data-analytics="{"category":"","label":"","event":""}" data-skip="" data-test-form=""
data-redirect="https://go.snyk.io/the-big-fix-event-dwn-typ.html" data-parent="" data-block-marketo="1" novalidate="novalidate"
style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
Submit
We use cookies to ensure you get the best experience on our website.Read
moreRead moreGot it
close
* Products
* Products
* Snyk Code (SAST)
Secure your code as it’s written
* Snyk Open Source (SCA)
Avoid vulnerable dependencies
* Snyk Container
Keep your base images secure
* Snyk Infrastructure as Code
Develop secure cloud infrastructure
* Snyk Cloud
Keep your cloud environment secure
* Solutions
* Application security
Build secure, stay secure
* Software supply chain security
Mitigate supply chain risk
* Cloud security
Build and operate securely
* Platform
* What is Snyk?
Developer-first security in action
* Developer security platform
Modern security in a single platform
* Security intelligence
Comprehensive vulnerability data
* License compliance management
Manage open source usage
* Snyk Learn
Self-service security education
* Resources
* Using Snyk
* Documentation
* Vulnerability intelligence
* Product training
* Support & services
* Support portal & FAQ’s
* User hub
* learn & connect
* Blog
* Community
* Events & webinars
* DevSecOps hub
* Developer & security resources
* Listen to the Cloud Security Podcast, powered by Snyk
* Company
* About Snyk
* Customers
* Partners
* Newsroom
* Snyk Impact
* Contact us
* Jobs at Snyk We are hiring
* Pricing
Log inBook a demoSign up
FEBRUARY 14 – MARCH 14, 2023
THE BIG FIX
Join us for a month-long fix-a-thon, where you’ll win prizes for fixing
vulnerabilities in open (and closed) source software while making a positive
impact. The Big Fix brings developers together to build a more secure software
ecosystem to benefit us all while having fun and learning about security.
Join the Big Fix
TOTAL SECURITY FIXES
SHOW YOUR SOFTWARE SOME LOVE
Secure software is happy software – help us fix over 200,000 vulnerabilities
this month! Follow the steps below to begin securing your open and closed source
projects while earning swag, learning about security, and building a more secure
software ecosystem for us all.
Start fixing
1. SCAN YOUR PROJECTS
Connect The Big Fix app to your projects and use Snyk to scan for
vulnerabilities.
2. FIX VULNS WITH SNYK
Fix at least one security vulnerability and we’ll send you a limited edition Big
Fix t-shirt.
3. CONNECT WITH COMMUNITY
Join the DevSecOps Discord to get support and fix security vulnerabilities with
new friends.
4. SHARE YOUR SUCCESS
Tweet your progress using #TheBigFix, and mention or follow @snyksec to join our
prize raffles.
5. JOIN THE LIVESTREAM
Come to our Feb 28 fix-a-thon live stream where you’ll learn about security and
meet world-renown developer security experts.
6. COMPETE AND WIN PRIZES
Track your fixing progress on the anonymized leaderboard and compete for the top
spot and additional prizes!
SIGN UP AND START FIXING
The Big Fix is happening Feb 14 through March 14, 2023, with a live event on Feb
28 at 12:00 am GMT through March 1st 12:00 am GMT. Sign up to join.
Already registered? Access the leaderboard.
*
*
*
By filling this form I confirm that I have read and accepted the terms and
conditions of the Big Fix competition, and I acknowledge that my username will
be used to display my ranking on the leader board, that my email will be used
for the purposes of administering the competition, all in accordance with the
terms of the Snyk Privacy Policy.
Submit
TOP FIXERS LEADERBOARD
FIX VULNERABILITIES. GET SWAG AND PRIZES!
Every participant that imports a project and fixes at least one vulnerability
gets a limited edition t-shirt. Other prizes include:
* Open source sponsorship gift cards
* A limited edition Big Fix coin
* A VR headset (1st place)
* A wireless speaker (2nd place)
* An Arduino starter kit (3rd place)
DISCLOSE NEW VULNERABILITIES RESPONSIBLY
Whether you’re a security researcher or a developer that just wants to make sure
their libraries are safe, Snyk can help you uncover brand new vulnerabilities in
your open and closed source projects. If you do find a new vuln, be sure to
follow responsible disclosure guidelines. Read the FAQ below to learn how the
Snyk Security Research team can help.
FEB 28
AT
0:00
02/28/2023
LIVESTREAM SCHEDULE
We have a day filled with fun segments and amazing speakers that will help you
on your fixing journey. Below are all the segments and their times.
Select your timezone
Sydney (AEDT)Perth (AWST)Central Europe (CET)London (GMT)Eastern (EST)Pacific
(PST)
Sydney (AEDT)Perth (AWST)Central Europe (CET)London (GMT)Eastern (EST)Pacific
(PST)– Please select –
Good morning APJ
0:00
–
8:00
Hello EMEA
8:00
–
16:00
Howdy AMER
16:00
–
0:00
0:00
Welcome to the Big Fix
Hosted by Vandana Verma Sehgal
0:30
Security with Nicole Becher
Nicole Becher
1:00
Learnings from Code Vigilant
Anant Shrivastava
1:45
Full-stack software engineer and CTO at DivX
Yuya Tajima
2:30
Secure Code Review for Hackers
Kayla Underkoffler
3:15
Vulnerability Reporting and Re-validation
Aditya Shende
4:30
ServiceNow Security with Karl
Karl Klassig
5:00
Security with Soumen
Soumen
5:30
Shift Left Isn’t What You Expected
Chen Gour Arie, Enso
6:00
Security with Sanjeev Jaiswal
Sanjeev Jaiswal
6:30
Building Orchestration Pipelines to Ensure Efficiency of Application Security
Findings Resolution
Leonid Belkind, Torq
7:00
REST API or GraphQL – Why Not Both?
Amit Lichtenberg, Otterize
7:30
DevSecOps in Cloud
Ashish Rajan
8:00
The Big Fix Livestream Sun Rises in EU
Hosted by Brian Vermeer & Sonya Moisset
8:30
Developer Education: the lack of security education
Michael Biocchi
9:15
This Week in Vuln DB: The Big Fix Edition
Brian Vermeer & Sonya Moisset
10:00
Tools to help keep your dependencies up to date
Marit van Dijk, JetBrains
10:45
Improving DecSecOps Collaboration
Robin Wyss, Dynatrace
11:15
NGINX RCE 0-day
Timo Stark, f5
12:30
Image security hardening
Rachid Zarouali, Sevensphere
13:15
DevOps, Security, and Open Source Software.
David A. Wheeler, Linux Foundation
13:45
Building Secure HTTPS Gateways for Java Applications
Ana-Maria Mihalceanu, Oracle
14:30
How Vulnerability Management Scales from SMB to MM to Enterprise
Vania Xu, Vanta
15:00
Path Traversal attacks
Liran Tal
15:30
Crypto-jacking vs Cryptomining: Detecting the Indicators of Compromise in
Kubernetes
Nigel Douglas, Sysdig
16:00
Good Morning AMER
Hosted by Brian Clark & Eric Smalling
16:15
Overcoming AppSec Testing Challenges: What to Focus On
Vitaly Unic, BrightSec
17:00
Avoiding footguns in your payments stack
Paul Asjes, Stripe
17:30
Policy Enforcement of Kubernetes Best Practices
Carlos Santana & Doruk Ozturk, AWS EKS
18:15
Networking as Code: From Metal to Mesh, and everything in-between.
Marino Wijay, Solo.io
18:45
Exploring processes via procfs
Joshua Rosso, Arctir
19:15
Tips and tricks to prioritize Snyk Open-Source findings so developers can focus
on what matters most.
Chris Walz, Atlassian
19:45
How not to build an AppSec Program
Declan Odonovan, Morgan Stanley
21:00
Policy and Standards
KC Thomas
21:30
How to Scale Security + Increase Developer Productivity
Krishna Patel, Slack & Randall Degges
22:00
Securing Microservices in a Service Mesh Environment: A Zero Trust Approach
Viktor Gamov, Kong
22:30
Dude That’s Not My Car! Putting out a BOLO on BOLA
Scott Gerlach
23:00
The Big Fix-athon Wrap Up
Randall Degges
FAQ
You have questions and we have answers. If you don’t find an answer for a
question you have you can share it during the live stream for the hosts to help
answer. Or email us at thebigfix@snyk.io.
How do I register?
add
Go to the sign-up form on this page and provide your name and email address.
How do I qualify to receive swag?
add
* Register for The Big Fix event on February 14. This page will be updated with
a form. Then create a Snyk account if you don’t already have one, import your
project(s) to Snyk where they will be scanned for security issues, and fix at
least one of the identified issues.
* You can get started fixing security issues immediately to qualify for swag
once the event ends, no need to wait! Regardless, we’d love to have you join
our Discord community of fixers and our 24-hour livestream on February 28th!
When will raffle winners be announced?
add
We will be announcing raffle winners at two separate times: during our 24-hour
livestream (more info on this below), as well as a few days after the
event. We’ll directly message all raffle winners with redemption instructions.
How do I join the live stream and where do I get help?
add
* We’ll be streaming to both Twitch and YouTube so you can tune in and chat
with us on whichever platform you prefer. Make sure to set a reminder in your
calendar!
* Join our community Discord where you’ll be able to chat with other fixers
like yourself, as well as seasoned security experts who can help answer your
questions and resolve security issues! You can join Discord by clicking the
following link: https://discord.gg/NXuz63GmUt
* What do I do after joining Discord?
* When you enter the community, you’ll need to confirm your email addresses
and enable 2FA.
* Following that, you’ll need to confirm that you have read the rules and
accept the Terms and Conditions before being allowed into our channels.
* Once you’ve accepted the Terms and Conditions, head to the
“🛠-the-big-fix” channel in the “🐕 Snyk community” category and say hi!.
What if I find a new vulnerability in an open source project?
add
In this case, we’d like to ask you to avoid directly fixing the vulnerability in
said project with a pull request and avoid opening a public issue, as these
would put users at risk and the maintainers at stress to rush to the issue.
Instead, we’d like to advise you to follow responsible disclosure guidelines and
report the vulnerability to Snyk,through which we will help you with contacting
the maintainer, triaging the vulnerability, and assigning a CVE to your name.
How do I find projects to add to The Big Fix app?
add
Take these steps after signing up.
* When you authorize your Snyk account, you might be prompted with a request
access form that includes a drop-down (showing “Dade Murphy group”) which
lists your default Snyk group and the personal organizations attached to it.
You may need to select a different group with the projects you want to import
to the campaign.
* If you need to switch to a different organization there is a drop-down menu
in The Big Fix app that allows you to select a new organization and will
display the projects associated with it.
How do I convince my boss?
add
Use this email template to explain the benefits of dedicating time to fixing
vulnerabilities and the value of participating in this free event as a team.
Hey Boss,
In light of supply chain security vulnerabilities such as Log4j and Spring4Shell
that made headlines last year, I would like my team to dedicate some time this
month to fix vulnerabilities in our codebase.
I found a free online event called The Big Fix, where our team can get advice
and troubleshooting support from security experts, plus earn rewards for fixing
vulnerabilities in our projects. I’d love for our team to join this event for
the following reasons:
* We want to ensure our developers are educated on proactive security best
practices so they can deliver secure code quickly. At this event, we’ll speak
with security experts to help our team learn the ropes.
* Fixing security issues in applications is important, but oftentimes
intimidating. Taking on this responsibility in a fun, global competition
allows us to work as a team and learn in a blameless environment.
* Security is a massive priority for every development team. The event live
stream will introduce our team to specific vulnerability patterns, like Cross
Site Scripting, for example. Taking this on as a group activity will allow us
to build momentum for prioritizing security in 2023.
The livestream event is on Feb 28, 2023 (a Tuesday), and I think it would be a
huge help to our growth as a team to participate. Can we get approval for the
team to spend the day learning about, identifying, and fixing security issues in
our products as part of The Big Fix event?
Securely,
Your teammate
What is your data retention policy for the campaign and how is it used?
add
When you register for the event, you will sign-up with your name and email
address. We’ll use an automatically generated alias to list you on the
leaderboard and your email to send you the registration link. We keep the
leaderboard and scoring data separate from your imported projects and other Snyk
data. Upon 30 days of the event’s end, all your Snyk user data that we used
during the event will be deleted. This is only scoped to applications you
specifically authorize during the event. Your projects in Snyk will not be
affected. Note that you may opt-in for further communication with Snyk when
registering.
How are scores calculated?
add
* An initial “snapshot” of vulnerability counts by severity are captured when
you add a project to the big fix app. For example a project named nodejs-goof
has 2 critical, 6 high, 15 medium and 38 low severity vulnerabilities and
those are what get captured in the “snapshot”.
* When you implement fixes for those vulnerabilities in the project AND a Snyk
test is performed against the project Snyk will update the vulnerability
counts internally. Then the Big Fix app will check in with Snyk periodically
to get the current vulnerability counts for your projects and see if there
are changes from the initial “snapshot”. For example if you fixed 2 high
vulnerabilities in that nodejs-goof project, once a Snyk test is triggered
Snyk will update the high severity vulnerability count from 6 to 4. Then the
next time the Big Fix app checks in with Snyk it will see you fixed 2 high
severity vulnerabilities and award you points
* The points you earn for fixes is determined by the severity of the
vulnerability you fixed and the big fix app’s scoring engine. The points
awarded for each vulnerability severity level are as follows:
* Critical: 4 points
* High: 3 points
* Medium: 2 points
* Low: 1 point
* Continuing with our example, after fixing 2 high severity vulnerabilities the
big fix app will award you with 6 additional points to your current score.
* The points awarded are applied to anyone who has imported that project to be
used in the big fix app. What that means is if you and a coworker/teammate
sign up for the big fix and import the same project then whenever either of
you make a fix for that project you both will be awarded the same amount of
points. For example a fix completed worth 4 points will be awarded to you and
4 points will be awarded to your coworker/teammate.
* If the vulnerability count increases for a project you’ve added to be used as
part of the big fix then you will lose points. For example if you imported a
project with 3 low severity vulnerabilities and that increases to 5 you will
lose points. Your point total will not go below zero regardless of the
increase in vulnerability count.
I am getting 403 errors during registration, what should I do?
add
* If project collaborators are seeing 403 errors when trying to register for
The Big Fix App with their Snyk account, they either need to have “admin”
role access, or a custom role created with the permission “Install Apps”
(which you can find in the Snyk Apps Management section) and then assigned to
them.
* The following steps should be taken to mitigate the 403 issue:
* Assign the custom role described above to users of a specific org
* Users need to change their preferred org to the org where the role has been
assigned
* Users should log out of Snyk
* Users should follow the registration link in their email
THE BIG FIX SPONSORS
We’re excited and proud to collaborate with the following Snyk partners that are
equally committed to helping secure open source software and fix security
vulnerabilities to make the world’s software safer.
*
*
*
*
*
*
*
*
*
*
*
Code of conduct | Privacy policy | Terms & conditions 1 | Terms and conditions 2
Develop Fast.
Stay Secure.
Sign up for freeBook a demo
PRODUCT
* Developers & DevOps
* Vulnerability database
* API status
* Pricing
* IDE plugins
* What is Snyk?
RESOURCES
* Snyk Learn
* Blog
* Security fundamentals
* Resources for security leaders
* Documentation
* Snyk API
* Disclosed vulnerabilities
* Open Source Advisor
* FAQs
* Website scanner
* Code snippets
* Japanese site
* Audit services
COMPANY
* About
* Snyk Impact
* Customers
* Jobs at Snyk
* Snyk for government
* Legal terms
* Privacy
* Press kit
* Events
* Security and trust
* Do not sell my personal information
CONNECT
* Book a demo
* Contact us
* Support
* Report a new vuln
SECURITY
* JavaScript Security
* Container Security
* Kubernetes Security
* Application Security
* Open Source Security
* Cloud Security
* Secure SDLC
* Cloud Native Security
* Secure coding
* Python Code Examples
* JavaScript Code Examples
* Code Checker
* Python Code Checker
* JavaScript Code Checker
Snyk is a developer security platform. Integrating directly into development
tools, workflows, and automation pipelines, Snyk makes it easy for teams to
find, prioritize, and fix security vulnerabilities in code, dependencies,
containers, and infrastructure as code. Supported by industry-leading
application and security intelligence, Snyk puts security expertise in any
developer's toolkit.
RESOURCES
* Snyk Learn
* Blog
* Security fundamentals
* Resources for security leaders
* Documentation
* Snyk API
* Disclosed vulnerabilities
* Open Source Advisor
* FAQs
* Website scanner
* Code snippets
* Japanese site
* Audit services
TRACK OUR DEVELOPMENT
*
*
*
*
*
*
© 2023 Snyk Limited
Registered in England and Wales
Company number: 09677925
Registered address: Highlands House, Basingstoke Road, Spencers Wood, Reading,
Berkshire, RG7 1NT.
Submit
Watch this on-demand
CTF 101 Workshop!
Learn how you can build transferable security skills by participating in CTFs
and:
* See a step-by-step demo of how to solve a CTF challenge
* See participants solve their first CTF challenge with support from experts
* Follow along at your own pace
Watch now
The 2022 State of Open Source Security Report
In collaboration with the Linux Foundation
Learn about open source security perspectives and how to improve OSS security
and sustainability.
Read full report