Amazon Web Services (AWS) is launching a global competition to encourage developers to hunt out a million instances of dodgy code and software vulnerabilities, and potentially eliminate hundreds of millions of dollars’ worth of technical debt, using the Amazon CodeGuru console in the AWS BugBust Challenge.
Developers can sign up online to create a BugBust event to identify and fix bugs in their applications, climb the BugBust leaderboard and compete for achievement badges, prizes, and the chance to win an expenses-paid trip to AWS re:Invent 2021.
CodeGuru is a developer tool built on machine learning used to identify bugs (and find the most expensive lines of code) in applications and automate the code review and application profiling process for developers.
Code review is one of the more important steps in software development because it helps to ensure code is error-free, as secure as possible, and developed according to best practice.
However, as code bases become larger and more complex, the process becomes more time-consuming and tedious, and can often fall by the wayside, leaving organisations at risk of being compromised by malicious actors further down the line.
“Hundreds of thousands of AWS customers are building and deploying new features to applications each day at high velocity and managing complex code at high volumes,” said Swami Sivasubramanian, VP of Amazon Machine Learning at AWS. “It’s difficult to get time from skilled developers to quickly perform effective code reviews since they’re busy building, innovating, and pushing out deployments.
“Today, we are excited to announce an entirely new approach to help developers improve code quality, eliminate bugs and boost application performance, while saving millions of dollars in application resource costs.
“With the AWS BugBust Challenge, developers can use Amazon CodeGuru to spend less time finding common coding mistakes and more time having fun and competing to improve their applications and save their companies a lot of money.”
The programme is launching at first in AWS’s US East region (North Virginia), but will soon be expanded into additional regions where the CodeGuru service is available. The service currently has endpoints in Europe at Frankfurt, Ireland, London and Stockholm, and in Apac in Singapore, Sydney and Tokyo, and also in the US in Ohio and Oregon.
Miami Dade College – a multi-campus public college serving southern Florida – is one of the first AWS users to sign up for the BugBust programme. Antonio Delgado, dean of engineering, technology and design at the college, said: “The AWS BugBust Challenge will be a fun and educative addition to our curriculum to help our students become more confident in their ability to use the Python programming language and take their IT careers to the next level.
“We plan to use AWS BugBust every semester as a platform for our students to showcase and enhance their coding skills, all while being part of an exciting bug-bashing event.”
Seattle-based children’s charity Games for Love has also signed up to the programme. Nathan Blair, the charity’s founder and CEO, said that although code review was a core part of the development process at his organisation, flaws did still sometimes make it into production.
“AWS BugBust has revolutionised our code review process and empowered developers to get code quality right, in a uniform manner, and enable them to celebrate their bug-bashing achievements,” he said. “Moreover, our developers can use the machine learning-powered recommendations with Amazon CodeGuru to also improve their coding skills.”