#262 You found a CVE!
Closed: declined 2 months ago by riecatnor. Opened 5 years ago by sparks.

What the badge should be granted for:
This badge would be granted to people that found and reported a vulnerability that was "awarded" a CVE. We could have different levels (1, 5, 10, 50, 100...) (I really hope we never get past 10.)

Badge description (like "You added a co-maintainer to a package. BFF!"):
You helped keep Fedora secure by reporting a vulnerability that became a CVE!

Anything else we need to know:
This would be manually awarded by someone from Red Hat SRT and/or Fedora Security SIG.


Here is my design proposal for the first badge.. threebean and I came up with the concept. I plan to continue the series on.

[[Image(beaconsofgondor.png)]]

Replying to [comment:1 riecatnor]:

Here is my design proposal for the first badge.. threebean and I came up with the concept. I plan to continue the series on.

I don't think this matches well what we want to achieve when we encourage people to report vulnerabilities. The intent is very much not to start a fire, but eliminate the hazard instead.

This image doesn't really evoke any kind of mental connection to security exploits / security bug reporting / CVEs for me.

@fweimar, @berrange.. the name of the file is 'beaconsofgondor.png'. Are you familiar with the reference 'The Beacons of Gondor'? We would have to name the badge that (so that the reference is front and center) for it to get across.

Replying to [comment:5 ralph]:

@fweimar, @berrange.. the name of the file is 'beaconsofgondor.png'. Are you familiar with the reference 'The Beacons of Gondor'? We would have to name the badge that (so that the reference is front and center) for it to get across.

I had to look it up. Even if that's my fault, I still think the visual association is wrong.

I still think the visual association is wrong

Do you have any alternative ideas?

Hello Ralph,

I agree, the proposed design does not hint/indicate anything about CVE flaw/bug discovery. I'll forward this design to the security-team list and request for more comments there. Hope that is okay.

Thank you.

What kinds of concepts would we want to link to these badges? Perhaps if the Fedora Security Team people would list ideas here it would make the artists' lives much easier.

Do we want to focus on finding a security bug? If so, do we want to use concepts like hunting, investigating, tracking... which would lead to images like crosshairs, magnifying glasses, footprints, etc.

Do we want to focus on security bug? How do we visually differentiate a security bug from a normal bug? Perhaps use imagery like bacteria or venomous insects/arachnids?

Or do we want to perhaps use the concept of finding weaknesses in a structure or building? Like finding a crack in a dam, or finding a loose bolt in a scaffold, or an unlocked/cracked door, and so on.

I believe the "weakness" concept is more directly relatable to security than bugs and bugfixing. Maybe it would be interesting to have more people to brainstorm around that.

Replying to [comment:9 fleite]:

Do we want to focus on finding a security bug? If so, do we want to use concepts like hunting, investigating, tracking... which would lead to images like crosshairs, magnifying glasses, footprints, etc.

Do we want to focus on security bug? How do we visually differentiate a security bug from a normal bug? Perhaps use imagery like bacteria or venomous insects/arachnids?

Or do we want to perhaps use the concept of finding weaknesses in a structure or building? Like finding a crack in a dam, or finding a loose bolt in a scaffold, or an unlocked/cracked door, and so on.

I was going to say the second one until I read the third one. I like the concept of finding a weakness.

May I suggest instead an image of a three-headed panda blocking a river? (Evoking the image of Kerberos guarding the River Styx).

Metadata Update from @riecatnor:
- Custom field artwork adjusted to None
- Custom field concept_review_passed adjusted to None (was: 0)
- Custom field has_complete_yaml reset (from None)
- Custom field has_description reset (from 0)
- Custom field has_name reset (from 0)
- Custom field needs_manual_award reset (from 0)
- Custom field triaged reset (from 0)
- Issue close_status updated to: None
- Issue tagged with: artwork-hard, artwork-needed, quality

2 years ago

Metadata Update from @riecatnor:
- Custom field artwork adjusted to needed (was: None)
- Custom field has_complete_yaml reset (from false)
- Custom field has_description reset (from false)
- Custom field has_name reset (from false)
- Custom field needs_manual_award reset (from false)
- Custom field triaged reset (from false)

2 years ago

Closing this ticket due to inactivity during Badges virtual hackfest. Please reopen if there is renewed interest. Thanks!

Metadata Update from @riecatnor:
- Custom field has_complete_yaml reset (from false)
- Custom field has_description reset (from false)
- Custom field has_name reset (from false)
- Custom field needs_manual_award reset (from false)
- Custom field triaged reset (from false)
- Issue close_status updated to: declined
- Issue status updated to: Closed (was: Open)

2 months ago
