|
lilaj4de
|
|
October 19, 2018, 12:56:38 AM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
|
|
|
|
secureplanetio (OP)
Newbie
Offline
Activity: 48
Merit: 0
|
|
October 21, 2018, 09:29:14 PM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
|
|
|
|
|
|
secureplanetio (OP)
Newbie
Offline
Activity: 48
Merit: 0
|
|
October 26, 2018, 03:12:30 AM |
|
Meet Andrew Jang – CSO of Secure Planethttps://secureplanet.io/1550/meet-andrew-jang-cso-of-secure-planetThe Secure Planet team consists of entrepreneurs and industry professionals with expertise in the areas of technology, open source software, security, and venture capital. Andrew Jang handles the communication for and execution of all our strategic initiatives.
|
|
|
|
secureplanetio (OP)
Newbie
Offline
Activity: 48
Merit: 0
|
|
October 30, 2018, 04:24:39 AM |
|
Secure Planet Releases White Paper – Available on Our Website!https://secureplanet.io/1568/secure-planet-releases-white-paper-available-on-our-websiteThe Secure Planet white paper delves into the inherent issues of Open Source Software (OSS). In particular, the lack of incentive to fix publicly known security flaws. It explains, in depth, how the SPX tokenomics has been designed to incentivize the active reporting and remediation of vulnerabilities. The white paper will act as the primary manifesto for the next generation of IoT device security.
|
|
|
|
carloff
Newbie
Offline
Activity: 94
Merit: 0
|
|
October 30, 2018, 06:38:25 AM |
|
Thanks for the info.
|
|
|
|
|
|
|
|
Nightz
|
|
November 15, 2018, 01:42:37 AM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like?
|
|
|
|
|
secureplanetio (OP)
Newbie
Offline
Activity: 48
Merit: 0
|
|
November 16, 2018, 11:48:20 PM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like? The severity of the security vulnerabilities, like the reporting of vulnerabilities themselves, will be determined through a crowdsourced voting process. Voting will take place for ten days and contributors must vote for one of two outcomes: 1) yes, the vulnerability is accurate and should be included in the database, or 2) no, the vulnerability not accurate and should be rejected from the database. The “Yes” voters must also assign the “Vulnerability Score” using the CVSS calculator at https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Their submissions will be averaged out to derive the official Vulnerability Score. Once Secure Planet reveals the majority vote, the verifiers who voted on the winning outcome will be rewarded with SPX and Rep Tokens. Verifiers who chose the losing vote will lose Rep Tokens and receive no SPX.
|
|
|
|
|
|
Nightz
|
|
November 22, 2018, 03:19:00 PM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like? The severity of the security vulnerabilities, like the reporting of vulnerabilities themselves, will be determined through a crowdsourced voting process. Voting will take place for ten days and contributors must vote for one of two outcomes: 1) yes, the vulnerability is accurate and should be included in the database, or 2) no, the vulnerability not accurate and should be rejected from the database. The “Yes” voters must also assign the “Vulnerability Score” using the CVSS calculator at https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Their submissions will be averaged out to derive the official Vulnerability Score. Once Secure Planet reveals the majority vote, the verifiers who voted on the winning outcome will be rewarded with SPX and Rep Tokens. Verifiers who chose the losing vote will lose Rep Tokens and receive no SPX. Does anyone hold a majority in the network in the beginning or is the network more or less evenly distributed?
|
|
|
|
|
|
|