For those who are not aware, I used to be a professional musician. I went both under my name (Tanya Janca, folk singer) and was in several different musical groups including Couchwrecked, who wrote the song Hottawa.
I just released another parody video and thought I would share it.
“Open Source Ain’t So Good”
Set to the music “You Know I’m No Good” by Amy Winehouse
Reviewing my dependencies, and it hurt,
My rolled up sleeves, SheHacksPurple shirt
You say “what did I add to my app today?”
And sniffed out insecure log4j
‘Cause you’re my sec champ, my guy
Hand me your code and fly
By the time I scanned your dependencies
My tool lit up like a Christmas tree
I used open source
Like I knew I would
I told you It was trouble
Open Source ain’t so good
Open source is free, like a puppy
You Gotta check for insecurities
Just because the code is there for all to see
Don’t mean that it’s been tested thoroughly
Rush to run my SCA tool
It looks at me and says I’m such a fool
This package ain’t supported no more
I cried for us on the kitchen floor
I used open source
Like I knew I would
I told you It was trouble
Open Source ain’t so good
Sweet refactor, Dependencies upgrade
The app is like it was again
I’m testing it all, while you sit and wait
Us PenTesters, we never hesitate
Then I notice the results and it burns
My stomach drop and my guts churn
You shrug and it’s the worst
Who truly stuck the knife in first
I used open source
Like I knew I would
I told you It was trouble
Open Source ain’t so good
I cheated my app
Like I knew I would
I told you It was trouble
Yeah, Open Source ain’t so good
And here is a previous parody I released last month.
Just Release It Anyway
Sung to the Backstreet Boys’ “I Want It That Way”
Lyrics
Yeah
You are, setting fires
In my, applications
Believe when I say
I don’t want it that way
Your app, is falling apart
Security isn’t in your heart
When you say
Release it anyway
Tell me why You didn’t fix the bugs I found
Tell me why You Ignored the PenTest result
Tell me why I never wanna hear you say
Release it anyway
Am I your advisor?
Your one security hire
Yes, I know it’s too late
‘Cause you released it anyway
Tell me why You didn’t fix the bugs I found
Tell me why You Ignored the PenTest report
Tell me why I never wanna hear you say
Release it anyway
Our security program has fallen apart From the way we know it should be, yeah
No matter the software I want you to know Its safety matters to meeeeeeeeeee
You are, setting fires
In my, applications
Believe when I say I don’t want it that way
Ain’t nothin’ but a heartache
Ain’t nothin’ but a mistake (don’t wanna hear you say)
I never wanna hear you say (oh, yeah)
Just release it anyway
Tell me why
Ain’t nothin’ but a heartache
Tell me why
Ain’t nothing but a mistake
Tell me why I never want to hear you say (never wanna hear you say)
Release it anyway
Tell me why
Ain’t nothin’ but a heartache
Ain’t nothin’ but a mistake
Tell me why I never want to hear you say (don’t want to hear you say)
Just Release it anyway
‘Cause I don’t want it that way
I had a colleague (now long retired) who used to refer to “open source” as “open sores”. Maybe you should change a few of your lyrics to “open sores” for this parody. Just sayin’, I think it would fit well here.