This is a guest post by Cigital’s resident songwriter, Paco Hope.

In an effort to go down in history as the “Weird Al Yankovic” of Software Security, I’ve released my latest single: This time it’s “White Hat Hacker Man” to the tune of Billy Joel’s “Piano Man.”

And here are the lyrics:

It’s five o’clock on a Saturday
The developers are trying again
The release manager waits in his cubicle
for the build scripts and smoke tests to run

He says how will we do this by Monday?
The security tests haven’t begun
It’s buggy and brittle
and does just a little
of what the sales guys downtown say it can

NIST 800-53, FIPS 140-2, PCI….

Chorus:
Break our new app white hat hacker man
Break our new app tonight
Cause we’re all scared to death of the auditor
But you’ll make us feel alright.

Now Bob down the hall is a friend of mine
He uses tools right off the shelf
He can do just a scan
or maybe try something canned,
but he’s better than doing it yourself.

He says “why do we need these consultants?
I can do all this stuff just the same.”
He doesn’t realize, when the hackers come,
Who the management’s going to blame.

CISSP, MSCE, SANS GIAC

Chorus:
Break our new app white hat hacker man
Break our new app tonight
Cause we’re all scared to death of the auditor
But you’ll make us feel alright.

Now Dave’s the development manager
And security’s a pain in his ass
Cause he knows first and foremost
Features get him his bonus
So security always comes last

Chorus:
Break our new app white hat hacker man
Break our new app tonight
Cause we’re all scared to death of the auditor
But you’ll make us feel alright.

Well it’s been a long day in security
The dev manager gives a sad smile
He knows this release
Despite all their pleas
Will miss their deadline by a mile

And metasploit overflows buffers
And the shell code runs on servers galore
And they burned another sprint
Instead of building security in
So assessments will go on some more

CCIE, OWASP, PMP

Chorus:
Break our new app white hat hacker man
Break our new app tonight
Cause we’re all scared to death of the auditor
But you’ll make us feel alright.

This entry was posted on Tuesday, October 13th, 2009 at 9:00 am and is filed under Software Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.