ZOMG non full stack devs

Hi

There are a few grants that either have little to no testing or lacklustre at best.

This can be due to a few things.

1 - we are trying to onboard new people. It is unreasonalble for them to know every gotcha.
2 - this is bleeding edge things will fall through the cracks no matter how good the test plan.

@ZOMG it might be worth bearing this in mind when you get some amazing ideas and applicants missing testing or security.

I am a test and security specialist. I have directly worked for at leas 4 house hold names whos software you are probably already using. I have 20 years of experience in test, from bespoke hardware to pc software and everything in between. Including HSM’s and datacyptos.

I used to run the bitcoin testing project with gavin andressen.

I have been part of zcash for 3? years. I have written unpublished mining software. I have developed a FIPS+ hardware wallet.

very familiar with bug databases, requirements based testing (this is what we need imo). release procedures, sign off, cryptographic issues (i have found these in military hardware):blush:

If anyone wants me to look over their stuff and produce an action report id be happy to - I will sign any NDA that is appropriate.

ONE NOTE: the pentester part of me , I cannot engage in pentesting requirements for free. I need a “get out of jail free card”.

this is not just you saying “sure go for it” - but what happens if I take out the upstream to get a 100k 0 conf through? I have also done this for a long time and know how to do this so noone goes to prison. or knock out some IDS/IPS and worstcase I take out someone elses vHosh and ruin thier SLA’s

I can provide supporting evidence for all my claims, and will pass all UK background checks.

2 Likes

I’m really sorry I missed this message.

This sounds like it could be really helpful. What kind of support would you need from ZOMG for this?

The pentesting / get out of jail free card piece of this seems like a really specific best practices question in a field I’m not an expert in. Perhaps others could weigh in here with feedback on that?

they are easy to get, you just need to let people know whats going on.

This is a pretty high bandwidth conversation. can we move this to voice, just as an advisory thing then I might formally submit something.

Works for me!