PIVX Security Bug Bounty program public launch recap

Marsmensch
tales from the crypt(o)
Aug 3, 2018

On July 23rd we flipped the switch and launched the public bug bounty program at https://hackerone.com/pivx-project. Today I want to share what has happened so far and the things we are working on for the future.

How does the bug bounty program work exactly?

Glad you are asking! We chose the fully-managed HackerOne Bug Bounty Program as described on the h1 website.

Our choice: A Fully-Managed HackerOne Bug Bounty Program

The bug bounty program in raw numbers

  • The public bug bounty program is 10 days old
  • We received 3 submissions so far and are currently looking into the details
  • The program itself costs 35k US$ per annum (!), excluding bounty awards
  • So far zero bounties have been awarded; bounties are awarded by the PIVX bug bounty panel team on a case-by-case basis
  • The PIVX bug bounty panel has 7 members (Turtleflax, Veramis, Presstab, Mrs-X, Fuzzbawls, s3v3nh4cks and myself)
  • I donated all of my personal rewards of 500 PIVX / month from the initial proposal to cover future bug bounty costs

As you can see, the costs of running the fully fledged program are quite significant. After a lot of internal discussion we decided to go with it for the following reasons:

  • Security is a top priority for PIVX, and settling for less than the best is not an option
  • The program enables us to learn from the knowledgeable industry experts at HackerOne so that we can eventually handle everything ourselves
  • The scarcest resource is developer time. h1 enables us to spend it more efficiently

How can I contribute to the Security program?

Every one of you is invited to take part by auditing the codebase, official wallets and public testnet. Please check https://hackerone.com/pivx-project for details about the scope.

How to get in touch

I am very happy to be part of this effort and hope you are, too!

“Superman” by Daniel Lobo is licensed under CC BY 2.0

About HackerOne

PIVX and HackerOne have a lot in common. H1 was started by hackers and security leaders who are driven by a passion to make the internet safer. Their platform is the industry standard for hacker-powered security. Companies like Starbucks, Twitter, Airbnb and many others trust their services.

About PIVX

PIVX is a Bitcoin-based, community-centric cryptocurrency with a focus on decentralization, privacy, and real-world use. It utilizes an energy-efficient Proof of Stake protocol and a second-tier Masternode network for inclusive community-based governance, along with a blockchain-based self-funding treasury system that ensures its sustainability.

PIVX has implemented a well-known, highly vetted protocol called Zerocoin with many custom enhancements, allowing blockchain-level transaction anonymity by way of unlinkability.
