Re: Vulnerability and Exploitation Specialist

[Fyodor <fyodor () nmap org>]

On Thu, Mar 28, 2013 at 12:07 PM, Muhammad Junaid Muzammil <
mjunaidmuzammil () gmail com> wrote:

> I was looking through the gsoc 2013 project list and I am pretty much
> interested for the post of Vulnerability and Exploitation Specialist. I do
> have some queries here.

 Hi Junaid.  I'm glad to hear that you're considering Nmap SoC.  First,
please not that we aren't really finished updating our SoC ideas page from
last year.  But we have applied to Google to participate again this year.
 And you can find more of our 2013 ideas and plans in a rougher form at
these links:

https://secwiki.org/w/GSoC_community_ideas
http://seclists.org/nmap-dev/2013/q1/394

I also hope to update our main SoC page soon (http://nmap.org/soc/)

Meanwhile, regarding your specific questions:

1) How the resources are arranged? For example some vulnerabilities are
> meant for MAC machines, SUN machines. Does nmap provides on-line access to
> these resources or the student should target the vulnerabilities whose
> resources are available to them.

Yes, there are far more potential vuln scripts than we could ever actually
write during a summer, so we need to prioritize based on things like
severity of the bug, how hard the script will be to write, ease of access
to the service for testing, etc.

2) What are the research prospects after the soc program completes. Does
> nmap allow the work done for them to be continued further as University
> research?

Yes, that is allowed and encouraged.

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/