the Best Way to Ensure Platform Safety?

Published by Cointele

"Bug bounties are most useful and efficient as a supplement to proactive security activities focused on preventing and detecting vulnerabilities inside organizations first. Once organizations have established good security practices, bug bounties can help identify security bugs that organizations missed. Bug bounties on their own aren't enough."

According to a report conducted by HackerOne, companies paid out $878,000 in bug bounties in 2018.

"Reported bugs were quickly analyzed and fixed in their public repository. At first the process was very ad-hoc because [EOS CTO] Daniel Larimer and I were sending files back and forth on Telegram, but they've since started to run a bug bounty program on HackerOne which I think is in the best interest of both bug finders and the EOS team."

At the time, the bug earned the largest-ever reward on the platform, although the details of the bug were not made public.

Bug bounties are not a perfect system

While bug bounty programs clearly create a healthy environment in which companies reward ethical hacks on their systems, the concept is not without its critics.

"Companies can't use bug bounties as a cheap alternative for due diligence in security. Simply asking strangers to point out flaws without having the capacity to fix them is one way overusing bug bounties can quickly overwhelm organizations."

"If nothing else, a bug bounty program establishes a formal channel for reporting bugs and signals non-hostility towards researchers by vowing to appreciate their work."

"There are not infinite bug buyers waiting to buy up every bug - that's a common myth. However, in cryptocurrency, there are likely more buyers for bugs than in other areas. That being said, if bug hunters prioritize profits, they may very well choose to exploit rather than sell the bugs they find in cryptocurrency, for more direct profit."

Although the rewards advertised by both cryptocurrency and software companies around the world may give the impression that bug bounty hunting can offer a lucrative career, the reality is that competition is high and access is not evenly divided.

"It is usually a lot of work that goes uncompensated, especially if the types of bugs the hunter knows how to find are relatively common classes of bugs. Only the first person to report a particular vulnerability gets paid, so bug bounty hunters who are the most successful tend to be the ones who are invited to private bug bounties with fewer competitors."
