Bitcoin Forum
Author Topic: Security Bounty  (Read 866 times)
kiba
June 22, 2011, 01:02:32 PM
 #1

How about creating a security bounty that incentivizes white hat hackers to look for security flaws in bitcoin exchanges?

sakkaku
June 22, 2011, 01:06:10 PM
 #2

You mean aside from the incentive to walk away with thousands of dollars worth of bitcoins?

13NiQcetcioQj3YwHL1ZWvgQg8eAjkzUdt
Blog/Projects: zxlu.com | syn-multiminer
hoo2jalu
June 22, 2011, 01:08:23 PM
 #3

> You mean aside from the incentive to walk away with thousands of dollars worth of bitcoins?

Those are blackhat incentives. You need to make the incentive large for skilled whitehats to care.

And really, looking for weakness after the fact is already a losing position. The exchanges need to build security in from the start, and actually have a process for secure development and operations that continues along with the exchange itself.

No easy "let's just make a bounty" solutions for this problem....
sakkaku
June 22, 2011, 01:13:22 PM
 #4

>> You mean aside from the incentive to walk away with thousands of dollars worth of bitcoins?

> Those are blackhat incentives. You need to make the incentive large for skilled whitehats to care.

So you are saying you wouldn't take the chance at walking off with tens of thousands of dollars worth of hard to trace currency?

The only difference between "white hat" and "black hat" is that one has decided the risk isn't worth the reward.

13NiQcetcioQj3YwHL1ZWvgQg8eAjkzUdt
Blog/Projects: zxlu.com | syn-multiminer
ribuck
June 22, 2011, 01:39:17 PM
 #5

> How about creating a security bounty that incentivizes white hat hackers to look for security flaws in bitcoin exchanges?

That is a bounty for exchanges to offer, not for users to offer. There needs to be an incentive for the exchanges to minimize their payouts.
hoo2jalu
June 22, 2011, 01:43:13 PM
 #6

> ...
> So you are saying you wouldn't take the chance at walking off with tens of thousands of dollars worth of hard to trace currency?

Correct. I don't need to steal and greed doesn't motivate me.


> The only difference between "white hat" and "black hat" is that one has decided the risk isn't worth the reward.

Not true.

And if the only thing keeping you from unethical and malicious behavior is fear of punishment then you will never understand the mindset of those who don't make their decisions based on such selfish and simplistic arithmetic.
gigitrix
June 22, 2011, 01:50:49 PM
 #7

A majority of people have a sense of morality. Whether or not the incentive would "work" in converting a hacker is unknown, but it certainly works with companies like Google. They offer $1337 for security vuln reporting which is a pittance compared to the gain of selling exploits on the black market, but they pay out in the majority of breaches: it usually isn't found in the wild.
hoo2jalu
June 22, 2011, 01:56:20 PM
 #8

> ... it certainly works with companies like Google. They offer $1337 for security vuln reporting which is a pittance compared to the gain of selling exploits on the black market, but they pay out in the majority of breaches: it usually isn't found in the wild.

This is a good point because reputation/accolades can be a far more valuable motivator than even the largest jackpot.

That $1337 ("elite") payment from one of the biggest companies in the online business garners significant bragging rights far beyond the measly monetary value handed over.

These no-name exchanges are operating from the opposite angle - they've got no clout or history and would need to compensate by upping the pot and/or adding other incentives.

Not to mention, again, that a bounty on the end product is the wrong way to approach security. It can play a part, but effective security is a process that starts before development, continues through operations, and is continuously applied as long as the business remains a going concern.