Stellenbeschreibung:

Objective:
We are seeking a security researcher to identify 2–3 security bugs in actively maintained open-source software projects on GitHub and provide a well-documented report using our LaTeX template.


Requirements

Target Projects:
• Open-source software hosted on GitHub
• Minimum 50+ stars
• Actively maintained (recent commits within the last 12 months)


Valid Bug Criteria:
• A finding qualifies as a valid security bug if it represents a real security risk within the project itself.


Not accepted:
• Issues only caused by dependencies with known CVEs (if the vulnerable function is not actually used)
• Vulnerabilities that require administrator privileges to add malicious code
• Publicly reported or already documented vulnerabilities
• Intentionally vulnerable projects (e.g., training/educational repos)


Deliverables

Process Documentation (LaTeX + screenshots):
• Description of how projects were searched and selected
• Overview of all analyzed projects, including those with no findings
• Detailed bug reports (2–3 valid bugs) including:
  • Steps to reproduce
  • Screenshots as proof (clearly integrated into the document)
  • Explanations why the issue qualifies as a security bug
  • Final summary of findings and recommendations


Important Notes
• At least two different projects must contain a valid security bug
• Screenshots (or file names) must be clearly positioned in the LaTeX document
• All reports must follow the provided LaTeX template

NOTE / HINWEIS:

EN: Please refer to Fuchsjobs for the source of your application

DE: Bitte erwähne Fuchsjobs, als Quelle Deiner Bewerbung