Happy that Crypto is Embracing Bug Bounties to Improve Security

I am really glad the crypto community has taken advantage of professional Bug Bounty programs, as they make a meaningful difference in finding vulnerabilities in software.  It took the regular software industry decades to see the value. 

There is an important history here.  

Cyber threats and hackers seek out vulnerabilities in software so they can exploit them to undermine the confidentiality, integrity, and availability of systems.  Software developers have long sought to produce functioning code but did not spend much time looking for potential vulnerabilities.  This practice became a problem when hacking soared.  The first inclination of developers were to have some of the software writers check the code internally, but that did not work out very well.  Again, priorities and limited resources still allowed many vulnerabilities to slip by and get into production releases.   

An idea was born to enlist the very hackers (not all hackers are malicious), who were proficient at finding weaknesses, and reward them if they responsibly disclosed their findings to the developers.  Such bounty programs offered financial and reputational incentives based upon the severity of the vulnerability found.   

At first companies did not want to expose their code to outsiders as they felt it would be counterproductive to aid hackers in finding the very few bugs that probably existed.  They were wrong on both counts.  First, there were a lot more bugs than people thought.  Way more.  Some programs could have millions of lines of code.  Estimates now put vulnerabilities at around 1 per every 25 lines of code approximately.  So, the potential problem is orders-of-magnitude bigger than originally suspected.  Second, the external hacking community was quick to assist.  They showed value and the ability to quickly identify problems so developers could fix them.  Hence, the bug-bounty industry was formed and has grown very quickly. 

So, it makes perfect sense that crypto software and solutions should also benefit from such services.   

For more information, the CoinTelegraph article "Bug Bounties in Crypto — the Best Way to Ensure Platform Safety" does a great job in discussing some of the big players in crypto that are diving in and joining the bug bounty programs.