Bug bounty programs invite white hat hackers to test products for vulnerabilities in exchange for monetary rewards. HackenProof facilitates bug bounty programs by connecting clients and hackers and managing the process. Compared to penetration testing, bug bounty programs involve more testers with varying skills over longer periods of time, and compensation is based on bugs found rather than on process. There are public, private, and onsite event-based bug bounty program types. Challenges for blockchain include coverage, supply/demand imbalance, persistence, and rapid development. Existing blockchain programs range from $100-25,000 with Ethereum having the most activity so far. The document provides contact information to launch a bug bounty program.
Bug Bounty for Blockchain Projects by Evgenia Broshevan, Project Lead at HackenProof
1. Bug Bounty for Blockchain Projects
Evgenia Broshevan, Project Lead at HackenProof
2. What is a Bug Bounty program?
A bug bounty program is a process where organizations invite white hat hackers to test their products for vulnerabilities (bugs) in exchange for monetary rewards (bounties).
3. What is HackenProof?
● Client that wants to test the security of their systems
● HackenProof provides seamless communication between hackers and the client
● Highly skilled white hat hackers from all over the world
4. Penetration Testing VS Bug Bounty
Bug Bounty Advantages
Penetration Testing:
● Limited in number of researchers
● Limited in time
● Limited in skill
● Compensation based on process
Bug Bounty:
● Hundreds of researchers
● Months or years of testing
● Various backgrounds
● Compensation based on bugs
5. Bug Bounty Program Types
● Public Programs
Everyone on the platform can participate. Great for large and mature products.
● Private Programs
The client hand-picks a number of proven researchers with a background relevant to the client.
The program is completely anonymous. Great for pre-release and early products.
● Onsite Bug Bounty Events
A carefully selected group of 20-30 top hackers gathers in a single location to work on testing
the client’s product non-stop in marathon conditions for 1-3 days. Great for bringing attention
to your product, achieving quick results, and educating your security team.
6. Challenges in Blockchain Industry
● Insufficient detection coverage
● High demand and lack of supply
● Persistence
● Rapid and complex development lifecycle
7. State of the industry
Blockchain BB: https://hackenproof.com/public-bug-bounty-list