Meet Our Mayhem Heroes: Bailey Capuano
During the Spring 2022 semester, ForAllSecure hosted a day-long hackathon at Arizona State University where 181 students participated as part of the Mayhem Heroes program.
Bailey Capuano recognized the value of cybersecurity and joined us for the event. Over the next several weeks, Capuano and the combined groups of ASU students contributed over 300 GitHub Open Source Software integrations for our Mayhem Heroes program.
As part of Phase 1, ForAllSecure has offered up to $2 million to meet these needs with its Mayhem Heroes program. Anyone who agreed to the terms, conditions, and then successfully integrated Mayhem into a qualified OSS GitHub project received $1,000. Capuano is one of those heroes. Since then, Capuano has graduated with a Master of Science in Computer Science (Cybersecurity).
“Having participated in the Heroes Community has provided me with a newfound interest in automated software testing, which I would love to keep exploring and learning about.” —Bailey Capuano
How did you first get into software development?
“I took an introduction to web development course in middle school and was immediately hooked. I loved that programming felt like solving a puzzle as opposed to regular homework. From then onwards, I knew I’d want to do software development professionally. I’m always looking for ways to challenge myself, and software development is the perfect opportunity to do just that.”
What brought you to the Heroes program?
“Besides sounding like an amazing opportunity to get paid for writing software, I always wanted an excuse to delve deeper into fuzzing and writing harnesses as I had limited exposure to them from a previous course at school.”
What is your biggest success with the Heroes program?
“I would say that my biggest success was becoming far more comfortable with fuzzing as a concept and learning how to identify fuzzing targets within large open-sourced libraries. It was an extremely rewarding experience to play a small part in making the software ecosystem a safer place.”
What is the biggest software bug that you’ve identified using Mayhem?
“While I was able to find numerous null-pointer dereferences across a swath of projects that could be used in denial of service attacks, I would say the biggest software bug I found was in a networking library. The Mayhem framework was able to identify a buffer overflow in the project’s functionality that handles UDP packet receipt. This is especially dangerous as this vulnerability could easily be triggered by a remote attacker to leak information.”
What advice do you have for the new class of Heroes?
“You may get discouraged if you struggle to integrate Mayhem into a project and just can’t get it. Know when to move on to the next target and come back later. Most importantly, remember that your efforts will have a big impact on software security.”
The Mayhem Heroes program Phase 1 has concluded. Look for an announcement for Phase 2 coming in the Fall of 2022. In the meantime, you can always sign up for a free version of Mayhem.