Meet Our Mayhem Heroes: Raj Shah
As part of the Mayhem Heroes program, ForAllSecure visited various university campuses in the Spring of 2022. At the end of April, ForAllSecure hosted a day-long hackathon at Arizona State University, where 181 students participated in the in-person training program, followed by an online training held soon after. Over the next several weeks, the combined groups of ASU students contributed over 300 GitHub Open Source Software integrations for our Mayhem Heroes program.
Open source software is mission critical, but its security is severely under-tested. As part of Phase 1, ForAllSecure offered up to $2 million to meet these needs with its Mayhem Heroes program. Anyone who agreed to our terms and conditions and then successfully integrated Mayhem into a qualified OSS GitHub project received $1,000. Raj is one of those heroes.
Raj Shah
“My engineering college’s newsletter had an advertisement for a hackathon on campus, which turned out to be a trial run of the Heroes program. I had figured it would be educational at the very least, but I was actually also successful in completing a bounty (to my pleasant surprise).” Raj Shah
What brought you to the Mayhem Heroes program?
“At the hackathon, the ForAllSecure team walked us through how to complete a bounty and gave us the opportunity to do multiple over the following weeks, after which I figured I may as well join the full program. The skills and technologies involved seemed pretty interesting and marketable, not to mention for a good cause: securing OSS. And I’d be lying if I said I wasn't financially motivated by the bounties as well!”
What is the biggest software bug that you’ve identified using Mayhem?
“A recent example that comes to mind was in TensorFlow Lite for Microcontrollers, which was open sourced by Google. Mayhem was able to crash a handful of such well-funded software projects, but arguably more significant in today’s software supply chains are vulnerabilities in those smaller projects that don’t receive enough scrutiny yet are (indirectly) used in countless other critical projects. After using it so much, I really do think that Mayhem has the potential to make a dent in this dire issue by offering developer-friendly, automated security testing.”
How do you stay motivated to continue learning?
“I struggle with this as much as anybody else; as satisfying as the process of learning can be, it can also be exhausting when you’re drinking from a firehose. I’ve found that being the dumbest one in the room is an effective source of motivation, but that definitely feeds into imposter syndrome. Maybe try to be the third-dumbest.”
What advice do you have for the new class of Heroes?
“Take some time to understand the basics of GitHub Actions, Docker, and the popular build systems in your language of choice; it’ll help immensely in debugging. But definitely give up if you can’t fix a repository’s broken build after, like, 15 minutes of effort. Heroes pick their battles, and that one has no winner.”
What impact has the Heroes Community had on your development experience?
“They’ve been an excellent resource for help or affirmation when stuck, as somebody has likely experienced or is experiencing the exact same issue that you currently are. Everybody there is more than willing to give their time to help each other, saving a lot of your tears and the sweat of ForAllSecure employees as well.”
Mayhem Heroes
The Mayhem Heroes program Phase 1 has concluded. Look for an announcement for Phase 2 coming in the Fall of 2022. In the meantime, you can always sign up for a free version of Mayhem.