Thousands of Bugcrowd researchers will be incentivized to identify flaws, which Bugcrowd will triage, alienate, and then present to the Dash Core Team for remediation. The process begins as a curated, invite-only event before expanding into a public program as its next release Evolution is set to release.
“Our goal is a safer, stronger network,” Dashincubator and Bugcrowd proposal creator Jim Bursch said. “We are talking about money — the digital equivalent of cold, hard cash. Meaningful amounts of cash attract a powerful incentive for thieves on a global scale. The Dash project is like building a bank vault, and inviting elite bank robbers to participate in its design, so it can’t be robbed by other criminals.”
“As Dash gains more mainstream attention, identifying and fixing vulnerabilities is absolutely imperative,” Dash Core CEO Ryan Taylor said. “Bug bounty programs attract fresh eyes to review code which ensures white-hat hackers help identify any security flaws. Providing strong incentives to attract experienced programmers is one of the many tools we have at our disposal to ensure the Dash codebase is as robust as possible.”
Bugcrowd has more than 60,000 researchers available. On average they find about five critical vulnerabilities, 70 unique vulnerabilities and 200 total vulnerabilities in a fortnight.
“Currently, there is a massive shortage in cybersecurity professionals,” Bugcrowd CEO Casey Ellis said. “Pair this with an expanding attack surface and companies are at a major security disadvantage.
“We have amassed a solid resource of professional security researchers and years of experience managing highly complex programs. We are living in the era of digital transformation — cryptocurrency is the next stage in this evolution. Given the globalization of the workforce, it stands to reason that the demand for cryptocurrency will grow.”
Mr. Taylor said the process will help improve a product currently in development.
“Our landmark release, Evolution, aims to completely redefine how a digital currency functions and will be available for Alpha testing in December. Providing that optimal user experience requires a massive change to the underlying technology. The more improvements Dash adds to the original Bitcoin code, which Dash is based on, means we will continue to invest heavily in ensuring our product meets the highest standard possible. Because digital currencies store wealth and facilitate transfer of payments, it is critical that we take all measures possible to make absolutely sure that even minor software bugs are addressed.”
“Regardless of size, organizations that attempt a self-managed program quickly find the process overwhelming,” Mr. Ellis said. “Defining scope, identifying program security owners, establishing a vulnerability management program, and even determining time-to-fix agreements within that program — all of these require time and resources both in the setup, and on an ongoing basis as the program evolves. By choosing Bugcrowd to manage their bug bounty, Dash has taken the work out of running a bug bounty program, so all they see are results.”