So yeah, today was one of the best and busiest days I’ve had so far.
Yesterday, when I initially found that bug, I didn’t realize how huge its impact was. I was learning and solving labs related to SAML, and when I understood the flow, I thought, "This should affect all tenants." Since I had already found a similar bug in the same product before, I tested it across other tenants. The moment I confirmed it, I was so excited, literally yelling "Emergency! Emergency!" to my friend. I was like, "F***..."
Once I realized how critical and high-impact this was, I immediately started working on the report. I wrote a detailed report, recorded the PoC, drafted an email, and notified all the stakeholders late last night. Then, I waited for an immediate response.
No response came, so I went to bed around 12:30 AM, but I couldn’t sleep because my mind was racing with thoughts about this bug and its impact. I finally got some short sleep around 2 AM and woke up early at 6 AM to check if anyone had responded. The sleep was horrible, but at least a few team members acknowledged and praised our findings.
Since there was still no proper response, I sent another follow-up email, urging immediate action. Soon after, I got a direct call from the CTO. I didn’t even have his number saved, and the first thing he asked was:
"Hey, how is this affecting all tenants? We just introduced this SAML feature. How should it be impacting everything?"
I explained everything, but he still wasn’t getting it. So, I simplified it into plain terms and direct points. That’s when he started arguing with the developers and security team, questioning why no testing was done before releasing this into production. The dev leads were literally fumbling because they had no excuse. Since a rollback wasn’t an option, I suggested a temporary fix and told them to roll it out for all tenants immediately. That call lasted for about 40 minutes, I think.
After that, I had another meeting with the dev leads, data & security compliance officers, and others, where I explained the root cause and impact. Once they saw the issue, they launched an internal investigation and sent an email to all customers about the vulnerability. But they conveniently didn’t tell them that even if they don’t have this configuration enabled, they’re still vulnerable. Well, it’s just business, right?
Later, I had a discussion with the dev team and cloud team about possible fixes. Nothing was working at first, but finally, the cloud team came up with a temporary solution. I agreed, and we proceeded with that fix.
In the afternoon, yet another meeting—retesting everything, and finally, the green flag was given. No afternoon nap today.
Also, my friend and colleague—who I work closely with—found another crazy bug today, and honestly, I had just one word: "F***!" Like seriously, if we hadn’t joined this company, what would have happened to all these vulnerabilities?
After all this, I really hope we get paid well. Let’s see how it goes.
To end the day, I went for my daily walk. Today's step count: 6,026, which is 1K more than usual. Total steps so far: 69,211.
Sorry if you’re reading this and it’s all about work today, but I just feel so happy to be involved in something this big. Even as an intern, the impact I’m making feels huge. Just hoping I don’t get disappointed in the end.