ForAllSecure Hosts CMU Open Source Software Hackathon

In early April, ForAllSecure hosted a day-long hackathon at Carnegie-Mellon University in Pittsburgh, PA. There were three main objectives:

• Intro students to fuzz testing
• Introduce the students to Docker
• Introduce the students to Mayhem Free

Some of the students left after the three hours of training. However, a core group of students remained. For the next three hours they integrated Mayhem Free into various open source software GitHub repositories. The purpose is to help ForAllSecure secure open source software.

{{code-cta}}

‍

The event kicked off with pizza and drinks. Around noon, 142 students filed into a lecture room in Doherty Hall at CMU. The  group included several walk-ins who had heard about the event from friends and decided to join in. After introductions from the ForAllSecure staff and T.A. present, the students powered up their laptops and settled in to learn. 

The first session was a training session. First students were introduced to fuzz testing. Nathan Jackson of FroAllSecure walked students through setting up Mayhem and then fuzz testing Lighttpd, an open source software project used to handle 10,000 connections on one server.  He then walked through packaging software for Mayhem and introduced Docker as one method. He then introduced a CMake example before giving the students exercises using open source fuzz testing tools such as AFL and libfuzzer.  Finally students were introduced to GitHub and were shown how to sign up for a free account so they could complete an exercise using gitHub Actions.

Students were then given several examples to work through at their own pace or in groups. T.A.s were on hand to answer questions and help the students complete the exercises.

.

After three hours, the training was done.  Students were given $100 for their time, and one student was awarded a grand prize of an XBox in a raffle. If students wanted to, and were eligible for work in the United States, they could stay and integrate Mayhem into one of the Open Source Repositories on GutHub using GitHub Actions. 

As part of the Mayhem Heroes program, a successful integration of Mayhem into an open source software project on GitHub would result in a $750 bonus. If the repository is still continuously being fuzzed 30 days later, the student would receive an additional $250.

Students were given two hours to complete the task in person and another week to complete it on their own. Thirty projects were completed and submitted for review.

By 6pm, only a handful of students remained in Doherty Hall. As the event closed down, students were asking really good questions. This process continues online on Discord and within the Mayhem Hacking Community Forum.