has_many :codes

From side projects to bug bounties

I have been quiet lately, so some people have been wondering what is going on with me and my projects.

The answer is, not much, really. A few weeks ago I decided to stop working on Cluster Ninja because there was always some obstacle for one reason or another, and as you may know I had already pivoted to this from another project quite recently. I couldn't figure out if I should work on a web app for this, or a CLI tool, if I should adopt open source as a business model for this, and many other things. I also found that many people expect to have everything for free these days or are not willing to pay a fair amount for tools that can save them time or money or both.

I did a simple poll recently and the results didn't help me with the many questions I had, so the confusion was already demotivating. Then came the announcement of fly.io's new Kubernetes service and it kinda killed my motivation because I couldn't just focus on building my own thing without thinking too much about the potential competition. Also, I always felt imposter syndrome due to the assumption that I could never compete with these companies given my very limited resources.

So I kinda lost motivation to work on side projects in general to be honest, and have been thinking about what I should do with my free time because I would still like to do something that I like (at the day job sometimes I have to work on things that are not the most interesting or challenging for me), and at the same time try to earn some extra cash which can always be useful for our family of five.

Eventually I decided to just take a break from side projects where I build stuff, and try to invest my free time in another passion of mine, which is security. At work I have started to perform internal web app pentests and over the past couple of years I have become more interested in such topics than ever before, so I also did some formal training with OffSec related to this to get more familiar with techniques and tools for web app hacking. Since I have long experience as a developer (over 25 years), I knew a ton of stuff already, but this process has put me in a position where I think I could start pretty soon with bug bounties. I love hacking and more so if I can do it legally and also get paid at the same time.

So it's likely I will start writing more on these topics also on this blog when I have time. But first I am gonna take 2-3 months to practice some stuff more, and get more familiar with some tools I only discovered recently, before I start with bug bounties. I could have started a while ago already, but if I do it I don't want to go after the low-hanging fruit most people are after, so I want to feel "ready" for more interesting stuff. Stay tuned!
© Vito Botta