
‘A Buggy Mess’: UNL Student Helps Identify Potential Security Risks in the Safer Community App | Education



Carlson located open source code in an online repository for Safer Illinois, an application almost identical to those used by UNL and the University of Wisconsin-Madison, and immediately noticed that something was wrong.

He shared the link with a senior security engineer he met online, who quickly documented “several critical issues” within the security of the app despite Rokmetro’s claims that it had been reviewed multiple times.


Some of the problems were in Rokmetro’s own code, the engineer discovered, while others were “upstream,” coming from products made by other companies such as Google that were integrated into the app – problems that, although unintended, were exploitable.

“I don’t think they had the security expertise they needed to do something like this,” Carlson said.

The engineer, who calls himself “Soatok” on GitHub, the online repository for software code, described the vulnerabilities in the Safer Illinois application in an August 17 blog post, and Carlson reported the bugs to Rokmetro’s development team on the page where the code was originally published.

Usually, developers get straight to work fixing issues, Carlson said. Other times, especially with open source projects, the original developer can ask the community for help debugging the code.

Neither of those paths happened in this case, Carlson said. Instead, Rokmetro went radio silent.