Bitcoin Forum
Author Topic: [BOUNTY] For security: Establish BTC foundation, hire full-time code reviewers  (Read 896 times)
xor
Freenet developer
May 31, 2011, 10:14:04 AM  #1

Hi,
The biggest issue I see with Bitcoin is security vulnerabilities.
If someday the permanently online Bitcoin nodes hold billions of dollars' worth, a remote code execution flaw could be fatal for the Bitcoin economy. It would cause a shitstorm of bad news about Btc and probably permanent loss of trust in the currency. Considering that trust is the only thing which makes a currency real, this must be avoided at all cost.
(Also, with the money of thousands or tens of thousands of people involved, I do think that the developers hold very much responsibility, and probably far too much responsibility for the open source development model of "we do some code & fix and then release it if we feel okay with it". There rather should be some formalized voting mechanism among the project management, if not among the community, since the community's money is being affected by any changes.)

As someone who has some experience with open source software (3 years of Freenet project) I see the following risk:
Volunteer open source developers are not bound to quality management.
They are more likely to do the "fun stuff" like writing new code than the important stuff like writing unit tests, reviewing code dozens of times, documenting their code, etc.
They are likely to release half-finished, undocumented, half-tested code at midnight due to euphoria about getting the new features out or whatever.

Freenet is a foundation which funds 1 paid full-time developer from donations.
This has the advantage of having someone who depends on not losing his job.
It has the disadvantage though that - since he is the only "reliable" developer (volunteers don't follow orders) - he spends most of his time writing new code, and little of his time with said security / code quality stuff.

IMHO a "trustworthy" open source project has at least 2 paid developers:
One who writes the new code, one who does nothing but reviewing it for security issues & writing black-box unit tests.
Both should be able to vote for getting each other fired, of course. *grin*

For something like Bitcoin, it might be very suitable to have even a 2:1 or 3:1 ratio of reviewers/writers.
One of the reviewers should be a mathematician - when messing with cryptography it is very easy to shoot yourself in the foot if you don't fully understand the maths of it.
The actual number of developers can be scaled with the available funds.

Also, given that Bitcoin is a currency, it should be very easy to raise the funds for paying full-time developers - everyone in the community already has the software to donate.

So I suggest we hereby start a bounty to establish a Bitcoin foundation.
I have no idea about how a foundation is founded or which persons are candidates for hired developers; please give your input.

I'll ask Ian Clarke to elaborate about how the Freenet project foundation was established, maybe he can help.

Developer of the Freetalk & Web Of Trust subprojects of Freenet - http://freenetproject.org
Freenet flog: USK@QeTBVWTwBldfI-lrF~xf0nqFVDdQoSUghT~PvhyJ1NE,OjEywGD063La2H-IihD7iYtZm3rC0BP6UTvvwyF5Zh4,AQACAAE/flog/12/
Bitcoin: 16CBmnNghHGJJ5T6DSUmNWxLhg97GDt7iU
DukeOfEarl
June 06, 2011, 01:28:49 PM  #2

> the biggest issue I see with Bitcoin is security vulnerabilities.

Agreed, this is my biggest concern.
FooDSt4mP
June 06, 2011, 02:33:50 PM  #3

I would recommend rotating the developers' roles. They will be more effective by both writing and reading the code.

As we slide down the banister of life, this is just another splinter in our ass.