alex9
Member
Yesterday, an exploit for a vulnerability in Bitcoin Unlimited (BU) was launched, capable of "knocking down" a node using a specially crafted message.
I believe that in connection with the latest developments around Dash (price increase and, as a consequence, increased attention to Dash, DDoS attack on the Dash network), attention to the security of Dash from a wide range of grey-hat and black-hat hackers is almost inevitable.
In my experience (15 years of development and 11 years of security analysis), I know that the developer and the cracker look at the same code in different ways. The BU bug remained unnoticed for 9 months and eventually led to a drop of 70% of BU nodes.
Also, I'm inclined to agree with the fairly common opinion that no one reads the code of large projects, and therefore it's pretty naive to hope that serious bugs will be discovered by random enthusiasts and added to Issues on GitHub.
Don't you think, dear developers, that it is advisable to run a bug bounty program and/or hire a contractor to audit security (as, for example, was done in VeraCrypt)?