Bug bounty program

Copied from: Megathread: Community Submissions for DFINITY Foundation’s Roadmap - #16 by lastmjs

Consider adding a large-scale and ongoing bug bounty program. I believe DFINITY now has a responsible security vulnerability disclosure process, which is one excellent step in the right direction. But I think DFINITY should also allocate a large amount of funds towards rewarding those who responsibly disclose security vulnerabilities. I think this program warrants multiple millions of dollars towards responsible disclosure.

I am not confident the system is secure when it has only been looked over by members of the Foundation, or those close to them (I assume this has been the case; I could be wrong).

10 Likes

I second this, not much else to say. :grinning_face_with_smiling_eyes:

3 Likes

If you want small-scale instead of large-scale there is https://github.com/nomeata/capture-the-ic-token :wink:

3 Likes

Hahaha, I haven’t been able to break that one yet. Super fun

Great feedback! The foundation is moving towards a Vulnerability Rewards Program from just being a disclosure program as we speak. The foundation is looking to reward those who come up with significant security findings.

8 Likes

Great news, thank you!

I hope the rewards will be competitive to attract the best hackers and security researchers from inside and outside of crypto.

2 Likes