#625 New badge for finding security issues in the infrastructure
Opened 2 years ago by misc. Modified 2 years ago

Badge description (like "You added a co-maintainer to a package. BFF!"):
- "You found a security issue in Fedora infrastructure"

Help the badges team understand what this idea is all about. If this badge is
awarded for certain kinds of activities:

1) What are those activities?
- finding a potential security issue in the Fedora infra, and not exploiting it without authorisation

2) Who is doing them (are they packagers? translators? newcomers? veterans?
users? sponsors?)
- anyone

3) Why are they doing them (is this a means to a different end?)
- to make Fedora infra more secure

4) When do they do them (every day? once a year?)
- hopefully not so often, but like once per year at most

5) How do they do them (by talking in IRC? by running commands in the console?
by using a web interface?)
- by reporting the issue to the Fedora security officer, and letting the said security officer (patrick at the moment) grant it after evaluating the issue. The award will be decided at the discretion of the security officer.

Lastly, do you have any ideas for artwork concepts?
- I guess reusing the imagery associated with hackers ( https://www.istockphoto.com/fr/photos/hacker?phrase=hacker&sort=best )

After much discussion, here is a list of artwork concepts for this badge:

- Badger raising hand with !!! in speech bubble
- Red flag waving back and forth
- Lifeguard whistle and points to shark

Here is a draft for this badge.. input welcome! @mleonova @misc @till


@mleonova I see what you’re saying.. do you think we should revise the design or try something different? Misc didn’t love it either

@riecatnor I like the design, it's the color of the flag that is confusing. Maybe give him something else?

Maybe give him a white hat like a "white hat hacker" https://en.wikipedia.org/wiki/White_hat_(computer_security) - but it would not match since there should be no encouragement for people to actively look for security issues and white hats would do this. Can there be maybe something in the background that implies a security issue/danger? This would add a little bit more context to "raising a red flag".

So what I had in mind (and I finally found a video to illustrate that) is something a bit more in line with the hacker in movie trope: https://www.youtube.com/watch?v=ZTwCtQIEswM

Like, if the panda/badger would look like a hacker (trenchcoat, sunglasses, cyberpunk light), that would be what I had in mind.

So I was looking at adapting a badge like this: https://badges.fedoraproject.org/badge/websites.next and wonder if we can make something ridiculous on the screen, like "access granted".

@mleonova and I reviewed this issue at the badges meeting and came up with a new concept. Since the badge would be earned for reporting the issue, concept for art could be a badger or panda on the phone with a "911!" speech bubble. @misc @till thoughts?

