FEBRUARY 14 – MARCH 14, 2023

The Big Fix

Join us for a month-long fix-a-thon, where you’ll win prizes for fixing vulnerabilities in open (and closed) source software while making a positive impact. The Big Fix brings developers together to build a more secure software ecosystem to benefit us all while having fun and learning about security.

Registration opens on Valentine’s Day, February 14.

Show your software some love

Join folks at The Big Fix and show your appreciation for open source security by fixing security vulnerabilities. Follow the steps below to begin securing your application projects and earn rad swag.

1. Scan your projects

Connect The Big Fix app to your projects and use Snyk to scan for vulnerabilities.

2. Fix vulns with Snyk

Fix at least one security vulnerability and we’ll send a limited edition Big Fix t-shirt.

3. Connect with community

Join the DevSecOps Discord to get support and fix security vulnerabilities with new friends.

4. Share your success

Tweet your progress using #TheBigFix, and mention or follow @snyksec to join a special raffle.

5. Join the livestream

Come to our Feb 28 fix-a-thon live stream full of great speakers and educational content.

6. Compete and win prizes

Track your fixing progress on the anonymized leaderboard.

Fix vulnerabilities. Get swag and prizes!

Every participant that imports a project and fixes at least one vulnerability gets a limited edition t-shirt. Other prizes include:

  • Open source sponsorship gift card
  • Limited edition Big Fix coin
  • VR headset (1st place)
  • Wireless speaker (2nd place)
  • Arduino starter kit (3rd place)

Disclose new vulnerabilities responsibly

Whether you’re a security researcher or a developer that just wants to make sure their libraries are safe, Snyk can help you uncover brand new vulnerabilities in open source projects. If you do find a new vuln, be sure to follow responsible disclosure guidelines. Read the FAQ below to learn how the Snyk Security Research team can help.

Get notified

Registration opens on February 14, 2023. Sign up to get notified when registration opens.

FAQ

You have questions and we have answers. If you don’t find an answer to your question, you can share it during the live stream for the hosts to help answer, or email us at thebigfix@snyk.io.

How do I register?

Registration will open on February 14, 2023.

How do I qualify to receive swag?

  • Register for The Big Fix event on February 14. This page will be updated with a form. Then create a Snyk account if you don’t already have one, import your project(s) to Snyk where they will be scanned for security issues, and fix at least one of the identified issues.
  • You can get started fixing security issues immediately to qualify for swag once the event ends, no need to wait! Regardless, we’d love to have you join our Discord community of fixers and our 24-hour live stream on February 28th!

When will raffle winners be announced?

We will be announcing raffle winners at two separate times: during our 24-hour live stream (more info on this below), as well as a few days after the event. We’ll directly message all raffle winners with information on how to claim their prize.

How do I join the live stream and where do I get help?

  • We’ll be streaming to both Twitch and YouTube so you can tune in and chat with us on whichever platform you prefer. Make sure to set a reminder in your calendar!
  • Join our community Discord where you’ll be able to chat with other fixers like yourself, as well as seasoned security experts who can help answer your questions and resolve security issues! You can join Discord by clicking the following link: https://discord.gg/NXuz63GmUt
    • What do I do after joining Discord?
      • When you enter the community, you’ll need to confirm your email address and enable 2FA.
      • Following that, you’ll need to confirm that you have read the rules and accept the Ts and Cs before being allowed into our channels.
      • Once you’ve accepted the Ts and Cs, head to the “🛠-the-big-fix” channel in the “🍿 Events and recordings” category and say hi!

What if I find a new vulnerability in an open source project?

In this case, we ask that you avoid fixing the vulnerability directly in the project with a pull request and avoid opening a public issue, as either would put users at risk and pressure the maintainers to rush a response. Instead, we advise you to follow responsible disclosure guidelines and report the vulnerability to Snyk, through which we will help you with contacting the maintainer, triaging the vulnerability, and assigning a CVE to your name.

How do I find projects to add to The Big Fix app?

Take these steps after signing up on February 14.

  • When you authorize your Snyk account, you might be prompted with a request access form that includes a drop-down (showing “Dade Murphy group”) which lists your default Snyk group and the personal organizations attached to it. You may need to select a different group that has the projects you want to import to the campaign.
  • If you need to switch to a different organization, a drop-down menu in The Big Fix app lets you select a new organization and displays the projects associated with it.

How do I convince my boss?

Use this email template to explain the benefits of dedicating time to fixing vulnerabilities and the value of participating in this free event as a team.

Hey Boss,

In light of the supply chain security vulnerabilities and the Log4j and Spring4Shell vulnerabilities making headlines last year, I would like my team to dedicate some time this month to start fixing vulnerabilities in our codebase.

I found a free online event called The Big Fix where our team can get advice and troubleshooting support from security experts, plus earn rewards for fixing vulnerabilities in our projects. I’d love for our team to join this event for the following reasons:

  • We want to ensure our developers are educated on proactive security best practices so they can deliver secure code quickly. At this event, we’ll speak with security experts to help our team learn the ropes.
  • Fixing security issues in applications is important, but oftentimes intimidating. Taking on this responsibility in a fun, global competition allows us to work as a team and learn in a blameless environment.
  • Security is a massive priority for every development team. The event live stream will also introduce our team to specific vulnerability patterns, like Cross Site Scripting, for example. Taking this on as a group activity will allow us to build momentum for prioritizing security in 2023.

The event is on Feb 28, 2023 (a Tuesday) and I think it would be a huge help to our growth as a team to participate. Can we get approval for the team to spend the day learning about, identifying, and fixing security issues in our products as part of The Big Fix event?

Securely,

Your teammate

What is your data retention policy for the campaign and how is it used?

When you register for the event, you will sign up with your name and email address. We’ll use an automatically generated alias to list you on the leaderboard, and your email to send you the registration link. We keep the campaign leaderboard and scoring as an aggregated detail and separate from your imported projects and other Snyk data. Upon 30 days of the event’s end, all your Snyk user data that we keep in the campaign will be deleted. This is only scoped to the campaign application. Your projects in Snyk will not be affected. Note that you may opt in for further communication with Snyk when registering.

The Big Fix sponsors 

We’re excited and proud to collaborate with the following Snyk partners that are equally committed to helping secure open source software and fix security vulnerabilities to make the world’s software safer.