Bitcoin Forum
Author Topic: [BOUNTY] For security: Establish BTC foundation, hire full-time code reviewers  (Read 993 times)
Freenet developer
May 31, 2011, 10:14:04 AM

The biggest issue I see with Bitcoin is security vulnerabilities.
If someday the permanently online Bitcoin nodes hold billions of dollars' worth, a remote code execution flaw could be fatal for the Bitcoin economy. It would cause a shitstorm of bad news about BTC and probably permanent loss of trust in the currency. Considering that trust is the only thing which makes a currency real, this must be avoided at all cost.
(Also, with the money of thousands or tens of thousands of people involved, I do think that the developers hold very much responsibility, and probably far too much responsibility for the open source development model of "we do some code & fix and then release it if we feel okay with it". There should rather be some formalized voting mechanism among the project management, if not among the community, since the community's money is affected by any changes.)

As someone who has some experience with open source software (3 years on the Freenet project), I see the following risk:
Volunteer open source developers are not bound to quality management.
They are more likely to do the "fun stuff" like writing new code than the important stuff like writing unit tests, reviewing code dozens of times, documenting their code, etc.
They are likely to release half-finished, undocumented, half-tested code at midnight due to euphoria about getting the new features out, or whatever.

Freenet is a foundation which funds 1 paid full-time developer from donations.
This has the advantage of having someone who depends on not losing his job.
It has the disadvantage, though, that since he is the only "reliable" developer (volunteers don't follow orders), he spends most of his time writing new code and little of his time on said security / code quality stuff.

IMHO a "trustworthy" open source project has at least 2 paid developers:
one who writes the new code, one who does nothing but review it for security issues and write black-box unit tests.
Both should be able to vote for getting each other fired, of course :D

For something like Bitcoin, it might be very suitable to have even a 2:1 or 3:1 ratio of reviewers to writers.
One of the reviewers should be a mathematician: when messing with cryptography, it is very easy to shoot yourself in the foot if you don't fully understand the maths of it.
The actual number of developers can be scaled with the available funds.

Also, given that Bitcoin is a currency, it should be very easy to raise the funds for paying full-time developers - everyone in the community already has the software to donate.

So I suggest we hereby start a bounty to establish a Bitcoin foundation.
I have no idea about how a foundation is founded or which persons are candidates for hired developers; please give your input.

I'll ask Ian Clarke to elaborate about how the Freenet project foundation was established, maybe he can help.

Developer of the Freetalk & Web Of Trust subprojects of Freenet -
Freenet flog: USK@QeTBVWTwBldfI-lrF~xf0nqFVDdQoSUghT~PvhyJ1NE,OjEywGD063La2H-IihD7iYtZm3rC0BP6UTvvwyF5Zh4,AQACAAE/flog/12/
Bitcoin: 16CBmnNghHGJJ5T6DSUmNWxLhg97GDt7iU
June 06, 2011, 01:28:49 PM

Quote: "the biggest issue I see with Bitcoin is security vulnerabilities."

Agreed, this is my biggest concern.
June 06, 2011, 02:33:50 PM

I would recommend rotating the developers' roles. They will be more effective by both writing and reading the code.

As we slide down the banister of life, this is just another splinter in our ass.