NFT: Mastercard teams up with MoonPay, The Sandbox to allow customers to buy NFTs on different marketplaces
Dash employs cybersecurity service Bugcrowd to identify blockchain vulnerabilities
Leading cryptocurrency Dash has announced that it has received approval from the Dash community to employ the services of Bugcrowd, the leader in crowdsourced security testing, to identify critical software vulnerabilities within its code and present them to the Dash Core Team for remediation.
Dash will employ a private bug bounty program through Bugcrowd starting this month, tapping into a curated, invite-only crowd to find Dash vulnerabilities. This will be then expanded to a public program, in line with the rollout of Evolution, where over 60,000 registered security experts around the world will detect issues on behalf of Dash and be rewarded in bug bounty payments.
“Our goal is a safer, stronger network. We are talking about money -- the digital equivalent of cold, hard cash. Meaningful amounts of cash attract a powerful incentive for thieves on a global scale. The Dash project is like building a bank vault, and inviting elite bank robbers to participate in its design, so it can't be robbed by other criminals,” Jim Bursch, Director of DashIncubator and Bugcrowd’s proposal creator said.
The move follows recent hacking attack in which a hacker walked away with $7 million from investors participating in CoinDash’s ICO. Last year, over $50 million was stolen in The DAO (Ethereum) hack. In addition, large companies like Bell Canada and Tesco Bank have recently been victims of information breaches and lost customer funds.
“As Dash gains more mainstream attention, identifying and fixing vulnerabilities is absolutely imperative. Bug bounty programs attract fresh eyes to review code which ensures white-hat hackers help identify any security flaws. Providing strong incentives to attract experienced programmers is one of the many tools we have at our disposal to ensure the Dash codebase is as robust as possible,” Dash Core CEO Ryan Taylor said.
Bugcrowd enlists over 60,000 security researchers to surface critical software vulnerabilities. In any given fortnight, Bugcrowd researchers typically find about five critical vulnerabilities, 70 unique vulnerabilities and 200 total vulnerabilities.
“Currently, there is a massive shortage in cybersecurity professionals - pair this with an expanding attack surface and companies are at a major security disadvantage. We have amassed a solid resource of professional security researchers and years of experience managing highly complex programs. We are living in the era of digital transformation -- cryptocurrency is the next stage in this evolution. Given the globalization of the workforce, it stands to reason that the demand for cryptocurrency will grow,” Bugcrowd CEO Casey Ellis said.
When a security researcher finds a bug in Dash’s code, the Bugcrowd Technical Operations team will handle bug triage and validation, Dash explained. Bugs are assigned a ‘severity’ rating and remediation advice is provided to the Dash Core Team.
“Regardless of size, organizations that attempt a self-managed program quickly find the process overwhelming. Defining scope, identifying program security owners, establishing a vulnerability management program, and even determining time-to-fix agreements within that program -- all of these require time and resources both in the setup, and on an ongoing basis as the program evolves. By choosing Bugcrowd to manage their bug bounty, Dash has taken the work out of running a bug bounty program, so all they see are results,” Ellis added.
Taylor said that Evolution, which aims to completely redefine how a digital currency functions, will be available for Alpha testing in December. He added that in order to provide such optimal user experience, a considerable change to the underlying technology is required. Taylor explained:
“The more improvements Dash adds to the original Bitcoin code, which Dash is based on, means we will continue to invest heavily in ensuring our product meets the highest standard possible. Because digital currencies store wealth and facilitate transfer of payments, it is critical that we take all measures possible to make absolutely sure that even minor software bugs are addressed.”
FxWirePro launches Absolute Return Managed Program. For more details, visit http://www.fxwirepro.com/invest