Hi, Jutta writing again – I initially introduced myself when we started the bounty program earlier this year and I’m happy to provide you with an update on what’s happening on the security side prior and throughout launch.
We have had some high quality submissions by bounty hunters – kudos for the creative exploits sent along that the bugs made possible. The number of submissions recently rose. Hence we decided and are announcing that we will continue the bounty program at least throughout the Frontier phase of Ethereum’s launch plan – see Gav's and Vinay's respective blog posts.
Not only do we rely on individual bug hunters and the community: together with EthDev’s Gustav Simonsson, I had started the process of selecting professional security experts, academics and blockchain experts for our external security audits late last year. Gustav is now working with auditors and the Ethereum Go dev team to track all security issues tagged here and work out fixes for them. We want to keep good track of all issues and only close them once fully resolved and solutions sufficiently tested. Every bug we find is taken care of and will be fixed before Frontier release. Feel free to follow us on github if you want to keep an eye on the progress.
The first round of work from security auditors is finishing in a couple of weeks, and bug fixing is already well underway. Working through all issues will take the time it takes. It’s a security-driven not schedule-driven process, after all.