
Potential Prospects [Security Contacts] for Posting Bug Bounties #6

Open
hatgit opened this issue Nov 30, 2018 · 1 comment

Comments

@hatgit
Member

hatgit commented Nov 30, 2018

User Story

Security contacts are often the first point of contact for a penetration tester or a person reporting a bug that is related either to the security contact's own software or to one of its dependencies. Since it is an industry best practice for companies to post bug bounty programs to encourage bounty hunters and researchers to report bugs for a reward, it would make sense to compile a list of such contacts who could be candidates to post bug bounties on Gitcoin.

Why Is this Needed

More devs will examine the code/software of the company posting the bounty on Gitcoin, putting a magnifying glass on the parts of the code that a bug bounty is assigned to, such as critical processes or the most important code snippets that relate to financial transactions or sensitive user data, which companies are willing to pay to help safeguard.

Description

Security research firm Trail of Bits recently compiled a blockchain-focused list that could be a good basis for contacts: https://github.com/trailofbits/blockchain-security-contacts

Current Behavior

More bug bounties are needed on Gitcoin; every blockchain company should have a bug bounty program and publish each severity level as a bounty on Gitcoin.

Expected Behavior

Have quick access to contact security specialists at blockchain firms who may be interested in participating by posting their existing bug bounty program on Gitcoin.

Definition of Done

Get at least one new bug bounty posted to Gitcoin from a blockchain company, either from the above list or from new prospects added to a list that would need to be created for internal or public use.

Additional Information

Potentially propose a format/spec document tailored specifically to bug bounties that could help guide companies interested in posting their bug bounty program on Gitcoin.

@rmshea

rmshea commented Jan 16, 2019

This is a super interesting idea, and is especially relevant with the Constantinople upgrade being postponed due to a security issue. Easily marketable -- "don't want it to happen again; use gitcoin.."
