Open source. These two words mean lots of things to lots of people. Some say that because it's open source it's more secure, because you have complete transparency. Some say that because it's open source it's less secure, because amateurs are writing the code. Well, one thing is true: with open source you have free rein to see the code and all the commentary left in there before it's compiled away. Ever wondered what was in those comments? Is there some lingering bug with a comment left behind to remind someone to go back in to fix it later? How many times did the developer leave a comment behind with the word 'bollocks' in it? These are the questions we set out to answer, and this talk is about those answers and how we got them.
During our talk we'll cover how we went about crawling the Internets for any and all public repositories, how we parsed the source code and commit statements in the repos we found, how we store the results, and of course the results. Some of what we find will be security specific... much of what we find will just be comedy. We plan on releasing access to a web interface to perform your own queries against our results to see what interesting comments you can find in which repositories.
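The parsing step the abstract describes, as an added example (not the speakers' tooling): pull comments out of source files and commit messages, then flag the ones carrying deferred-work markers such as FIXME or HACK, which is where a reviewer would start looking for the "lingering bug" the talk mentions. The comment syntaxes, the marker list and the sample repository are all assumptions constructed for this example; string literals are blanked first so a `//` inside a URL or a `#` inside a string is not mistaken for a comment opener.

```python
"""Extract comments from source files and commit messages and flag the ones
that hint at deferred fixes. Added example; every input below is constructed."""
import re
from collections import Counter

# Comment syntaxes handled here (assumption: only these two families).
C_STYLE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
HASH_STYLE = re.compile(r"#[^\n]*")
# String literals are blanked before comment matching so that "http://x" or
# "#" inside a string does not open a bogus comment.
STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\\n])*"' + r"|'(?:\\.|[^'\\\n])*'")

EXTENSIONS = {
    ".c": C_STYLE, ".h": C_STYLE, ".js": C_STYLE, ".java": C_STYLE,
    ".py": HASH_STYLE, ".sh": HASH_STYLE, ".rb": HASH_STYLE,
}

# Words worth a second look: deferred-work reminders plus the talk's pet word.
MARKERS = re.compile(r"\b(TODO|FIXME|XXX|HACK|BUG|bollocks)\b", re.IGNORECASE)


def extract_comments(path, text):
    """Return the comments in `text`, choosing the syntax by file extension."""
    ext = path[path.rfind("."):] if "." in path else ""
    pattern = EXTENSIONS.get(ext)
    if pattern is None:          # unknown language: nothing we can parse safely
        return []
    blanked = STRING_LITERAL.sub('""', text)
    return [m.group(0).strip() for m in pattern.finditer(blanked)]


def find_markers(text):
    """Return the distinct marker words (upper-cased) in one comment or message."""
    return sorted({m.group(1).upper() for m in MARKERS.finditer(text)})


def scan_repo(files, commit_messages):
    """Scan one repository. `files` maps path -> contents; `commit_messages`
    is a list of strings. Returns (hits, counts): hits are
    (origin, marker, snippet) tuples, counts tallies each marker."""
    hits, counts = [], Counter()
    sources = [(path, c) for path, text in files.items()
               for c in extract_comments(path, text)]
    sources += [(f"commit[{i}]", msg) for i, msg in enumerate(commit_messages)]
    for origin, snippet in sources:
        for marker in find_markers(snippet):
            hits.append((origin, marker, snippet))
            counts[marker] += 1
    return hits, counts


# Constructed sample repository (not real code from any crawl).
SAMPLE_FILES = {
    "auth.c": (
        'const char *url = "http://example.test"; // keep the scheme here\n'
        "/* FIXME: bounds check on name is missing, revisit before release */\n"
        "int check(char *name) { return 1; }\n"
    ),
    "deploy.py": (
        'print("# no comment here")\n'
        "# HACK: disabling cert verification for the staging box\n"
        "VERIFY = False\n"
    ),
    "README.md": "# TODO this is markdown, not a comment\n",
}
SAMPLE_COMMITS = [
    "Add login endpoint",
    "Bollocks, reverted the last change, TODO redo it properly",
]

if __name__ == "__main__":
    found, tally = scan_repo(SAMPLE_FILES, SAMPLE_COMMITS)
    for origin, marker, snippet in found:
        print(f"{origin:12} {marker:8} {snippet}")
    print(dict(tally))
```

Files with an extension outside the table are skipped rather than guessed at, which is why the README's `# TODO` line never shows up; a real crawler would want a per-language tokenizer instead of regexes, since the blanking above does not understand raw strings, heredocs or nested block comments.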