Dash Bug Bounty Program
- Thread starter jimbursch
- Start date
jimbursch
Well-known member
The MN network has approved funding to extend our partnership with Bugcrowd in operating the Dash Bug Bounty program for an additional year. We are now engaged with Bugcrowd until August, 2019. Thank you MNOs!
Bugcrowd invited me to San Francisco to attend their industry party event "Mayhem at the Mint" that is part of their involvement with the RSA Conference, a major security industry conference. I posted pictures here:
https://www.dash.org/forum/threads/...ted-at-major-security-conference-event.36802/
The next morning I sat for a video interview about the partnership of Dash Bug Bounty with Bugcrowd. Here's a tweet about it:
https://mobile.twitter.com/Bugcrowd/status/986680057635586048?s=20
Bugcrowd invited me to San Francisco to attend their industry party event "Mayhem at the Mint" that is part of their involvement with the RSA Conference, a major security industry conference. I posted pictures here:
https://www.dash.org/forum/threads/...ted-at-major-security-conference-event.36802/
The next morning I sat for a video interview about the partnership of Dash Bug Bounty with Bugcrowd. Here's a tweet about it:
https://mobile.twitter.com/Bugcrowd/status/986680057635586048?s=20
jimbursch
Well-known member
Mentioned in the press:
https://coincentral.com/how-blockchain-can-fill-the-talent-gap-in-cybersecurity-and-ai/
https://coincentral.com/how-blockchain-can-fill-the-talent-gap-in-cybersecurity-and-ai/
jimbursch
Well-known member
Here's another pretty good article about the program:
https://themerkle.com/meet-the-man-who-created-a-bug-bounty-program-for-dash/
Meet the Man Who Created a Bug Bounty Program for Dash
You may not be familiar with Jim Bursch, but you certainly know about Dash, one of the top ten cryptocurrencies (and fighting tooth and nail to remain one). With a strong community supporting it and solid plans to improve its usability and security, Dash has a bug bounty program, and Bursch is the man behind it.
https://themerkle.com/meet-the-man-who-created-a-bug-bounty-program-for-dash/
Meet the Man Who Created a Bug Bounty Program for Dash
You may not be familiar with Jim Bursch, but you certainly know about Dash, one of the top ten cryptocurrencies (and fighting tooth and nail to remain one). With a strong community supporting it and solid plans to improve its usability and security, Dash has a bug bounty program, and Bursch is the man behind it.
jimbursch
Well-known member
Since my last update, there have been two substantial bounties that have been out through the Bugcrowd platform:
$6,000 was paid to a researcher who discovered that the Dash Copay wallet could have it's PIN bruteforced by automating PIN attempts and resetting the device clock to bypass the security measure that limited the number of attempts in a given timeframe. Since the Dash Copay wallet was still in testing on testnet, this had no effect on users, but would have been a critical vulnerability had it reached production.
$5,000 was paid to a researcher and Dash community member who discovered a method of tracing Private Send transactions through limited mixing sessions. This was an edge case that was only rarely possible under specific circumstance. Nonetheless we wanted to reward the researcher for putting the time and effort into analyzing private send transactions and discovering a vulnerability, however rare.
Both of the above issues have been addressed and no longer exist.
$6,000 was paid to a researcher who discovered that the Dash Copay wallet could have it's PIN bruteforced by automating PIN attempts and resetting the device clock to bypass the security measure that limited the number of attempts in a given timeframe. Since the Dash Copay wallet was still in testing on testnet, this had no effect on users, but would have been a critical vulnerability had it reached production.
$5,000 was paid to a researcher and Dash community member who discovered a method of tracing Private Send transactions through limited mixing sessions. This was an edge case that was only rarely possible under specific circumstance. Nonetheless we wanted to reward the researcher for putting the time and effort into analyzing private send transactions and discovering a vulnerability, however rare.
Both of the above issues have been addressed and no longer exist.
InhumanPerfection
Member
jimbursch
Well-known member
I'm just wondering if that guy on reddit made his claim for cracking Private Send.
Jason Pitzen
New member
Hi All,
I'm Bugcrowd's Director of Account Management and Customer Success. We've been trying to get in touch with Jim for the last couple of months to discuss continuing the program and figured this might be the best place now. @GrandMasterDash please feel free to drop me a note: jason (at) bugcrowd (dot) com.
I'm Bugcrowd's Director of Account Management and Customer Success. We've been trying to get in touch with Jim for the last couple of months to discuss continuing the program and figured this might be the best place now. @GrandMasterDash please feel free to drop me a note: jason (at) bugcrowd (dot) com.
I'm sorry to say, I have no idea where Jim is, I haven't seen him around here for a very long time. I'm not sure if it helps but you can submit proposals directly and easily at Dash Nexus, https://dashnexus.org/
If you're successful, the blockchain itself will pay you directly. So long as it's not outlandish, it would get my vote. Thanks.
Jason Pitzen
New member
Thanks, @GrandMasterDash , this is helpful. I'll have my team jump on this right away and we'll include some of the performance stats in the proposal. I found last year's vote and mimic that style for consistency.
jimbursch
Well-known member
Hi guys
I haven't been active on the forum for a while, but I do monitor.
I won't be able to manage the program for another year, but I'm glad to advise and assist continuation of the program. I will get in touch with @Jason Pitzen and do what I can to help. I'll also get in touch with Nathan Marley and get his thoughts on program continuation from the perspective of the Core Team.
ping @GrandMasterDash
I haven't been active on the forum for a while, but I do monitor.
I won't be able to manage the program for another year, but I'm glad to advise and assist continuation of the program. I will get in touch with @Jason Pitzen and do what I can to help. I'll also get in touch with Nathan Marley and get his thoughts on program continuation from the perspective of the Core Team.
ping @GrandMasterDash
Last edited:
There is a new bug bounty live!!!