Only one bug report has been submitted on Dash Core since I last posted an update, and that report was evaluated to be more of an anomaly in the code, not a bug or vulnerability.
There were several more reports submitted on Dash Messaging -- all minor, but much appreciated since they help to secure and improve the service.
If anyone wants further details, feel free to message me directly, either here or
https://d-msg.com/jimbursch
We are preparing to add the Dash Copay wallet to the Bugcrowd platform, when the Copay wallet is released. I am coordinating with the Dash Copay team, led by
@Chuck Williams . When the Public Beta Testnet version of the Dash Copay wallet is released we will be launching the Dash Copay Bug Bounty Program privately on the Bugcrowd platform. This means that Bugcrowd will be inviting selected/trusted researchers to examine the code and try to find bugs/vulnerabilities.
I expect that the Copay bounty program will go like the Dash Core program, which means that there will be very few (if any) reports. This is because we are dealing with very sophisticated/complex code that has already been well tested and vetted. I think there are few Bugcrowd researchers who have the expertise to really tear apart the code. This is in contrast to Dash Messaging, which is a web app that is exactly what Bugcrowd researchers love to hack.
This means that the primary value of the Dash Bug Bounty program is its PR value -- the reassurance it offers to users that the code is secure.
With that in mind, I am working on a PR campaign to coincide with the release of the Copay wallet. The target audience for this campaign is:
1. Dash Copay wallet users who are reassured that the wallet is backed by the best funded bug bounty program in all cryptocurrency
2. Researchers/hackers who would like to test the security of the Dash Copay wallet, and do so in a responsible manner.
With the rise of the price of Dash we have funding available in the budget to pay for a high quality, professional campaign. And we will be able to partner with Bugcrowd on this campaign, leveraging their resources.
I will be starting a separate thread for details and updates about this campaign.