Ethereum Blog

Jutta’s update on bug bounty program and security audit

Introduction

user

Jutta Steiner


LATEST POSTS

Security Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.] 10th September, 2015

Security Alert – [Implementation bug in Go clients causing increase in difficulty – Fixed – Miners check and update Go clients] 03rd September, 2015

announcement

Jutta’s update on bug bounty program and security audit

Posted on .

Hi, Jutta writing again – I initially introduced myself when we started the bounty program earlier this year and I’m happy to provide you with an update on what’s happening on the security side prior and throughout launch.

We have had some high quality submissions by bounty hunters – kudos for the creative exploits sent along that the bugs made possible. The number of submissions recently rose. Hence we decided and are announcing that we will continue the bounty program at least throughout the Frontier phase of Ethereum’s launch plan – see Gav’s and Vinay’s respective blog posts.

Please go to our bounty website for more information on the bounty program and make sure check out our lead hunter’s repository here for helpful testing scripts before starting the hunt.

Not only do we rely on individual bug hunters and the community: together with EthDev’s  Gustav Simonsson, I had started the process of selecting professional security experts, academics and blockchain experts for our external security audits late last year. Gustav is now working with auditors and the Ethereum Go dev team to track all security issues tagged here and work out fixes for them. We want to keep good track of all issues and only close them once fully resolved and solutions sufficiently tested. Every bug we find is taken care of and will be fixed before Frontier release. Feel free to follow us on github if you want to keep an eye on the progress.

The first round of work from security auditors is finishing in a couple of weeks, and bug fixing is already well underway. Working through all issues will take the time it takes. It’s a security-driven not schedule-driven process, after all.

profile

Jutta Steiner

There are no comments.

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

View Comments (0) ...
Navigation