Block.one is excited to engage the developer community to help us to continue to secure the integrity of the EOSIO software. As a result, we’ve launched the EOSIO Bug Bounty Program in partnership with the leading ethical hacker-powered security platform, HackerOne. This on-going program will harness the collective intelligence and capabilities of the Block.one Engineering team and leading security researchers via HackerOne’s user-friendly interface.
We have chosen the HackerOne platform for this program as it has serviced hundreds of clients across multiple industries and sectors — including the US Department of Defense, Google, Microsoft, Starbucks and GM — and its customers have resolved over 65,000 vulnerabilities and awarded over US$28 million in bounties.
The Block.one Bounty Program is designed to leverage community involvement and put us ahead of the curve on any potential security vulnerabilities relating to the software. The program allows third parties to benefit from reporting bugs that pose a risk to the functionality of the core software. It utilizes monetary rewards for skilled third-party ethical hackers and researchers who are able to identify such weaknesses before they are exploited.
To qualify for a bounty, vulnerabilities identified must be previously unreported. Participants are reminded that testing must not violate any law, or disrupt or compromise any data that is not your own. It is strictly forbidden to carry out DDOS attacks, leverage black hat SEO techniques, spam people, or to undertake other similarly questionable activities.
To get involved in the Program, please visit https://hackerone.com/eosio
We welcome the contributions of the community as we work to ensure the continued improvement of the EOSIO software well beyond its V1 release. We also want to thank all those who have are already contributed, including Guido Vranken, Yuki Chen of Qihoo 360 Vulcan Team, and Zhiniang Peng of Qihoo 360 Core Security.