Technology
Facebook launches bug bounty program for Libra
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
As Facebook’s ambitious plans for Libra face intense regulatory scrutiny both in the US and around the globe, the nonprofit Libra Association that governs the Libra blockchain is pushing forward on the technology side.
After more than two months in beta testing with 50 security researchers and blockchain experts, the Libra Bug Bounty Program is now open to the public, the Libra Association announced today. The association is inviting security researchers around the world to uncover bugs and vulnerabilities in the open-source Libra Core code, which remains in an early stage version called testnet.
The conceit of Libra relies upon compromising the traditional decentralization benefits of blockchain technology in order to accelerate transaction speeds, with the goal of transacting Libra nearly instantaneously between digital wallets and within Facebook-owned Messenger and WhatsApp. This trade-off—a permissioned blockchain where only Libra Association members operate a limited number of nodes—heightens already paramount security concerns about a platform and products designed to serve as financial infrastructure for millions, pegged to a basket of real-world currencies.
Launched in partnership with big bounty platform HackerOne, the Libra Bug Bounty program will pay out up to $10,000 for uncovering critical flaws in the Libra blockchain code. Rewards payments scale up based on type and severity, and the Libra Association said it will offer bonus multipliers to “spotlight” bugs that “highlight certain areas of the blockchain to attract research attention.”
“Our rewards program is designed to encourage members of the security community to dig deep, helping us find even the most subtle bugs. We want to help our researchers uncover issues while the Libra Blockchain is still in testnet and no real money is in circulation,” said Michael Engle, the Libra Association’s Head of Developer Ecosystem.
Facebook’s bug bounty program dates back to 2011, and it’s expanded over the years to include new criteria such as developer data abuse in the wake of the Cambridge Analytica scandal. Aanchal Gupta, Security Director at Facebook-owned subsidiary Calibra (which is developing a Libra wallet app to be embedded directly in Facebook apps and services), said he hopes developers will bring a “diversity of perspectives and expertise to this initiative while holding the Libra Blockchain to the highest security standard.”
Calibra head David Marcus told Congress ad nauseum that Libra would not launch until all regulatory concerns are addressed and all approvals are received. So between regulatory pressure, reported second thoughts from Libra Association members, and the sheer scale of actually developing and launching the Libra Blockchain worldwide, we’re still a long way off from anything resembling a finished product. In the meantime, at least Libra is working out some of the bugs.
More information is available in the open-source Libra documentation, and on HackerOne.
This article originally published at PCMag
here
-
Entertainment7 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment6 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know