Over the last couple weeks, I’ve had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed “Attacking Cloud Services w/ Source Code” and was presented at both SOURCE Boston 2013 and THOTCON 0x4, where I discussed a bunch of fun things like:
- Why I love Continuous Integration (CI) Services (especially hosted solutions)
- My perspectives as an open-source developer (some happy, some sad)
- What things could be possible if malicious code was fed to CI services
- A project I’m working on, called RottenApple, to help make things better

In this blog post I hope to capture some of the meat of the presentation for those who could not attend, and to use this opportunity to announce the first public release of RottenApple.