What CVE is and what it would do for Zel's push on deep-level security.

Bigpiggy01
Published in ZelOfficial
Jul 16, 2020

There is not much collective security in a flock of sheep on the way to the butcher. -Winston Churchill

CVE is a database of vulnerabilities maintained by volunteers from across the IT and tech industries. Its data is used by services such as virustotal.com and Trapmine in their analysis of malicious software behaviour, as well as by other antivirus and malware detection services.

Additionally, for companies disclosing vulnerabilities to their users, CVE entries are a standardized way of handling such disclosure, providing customers with an easily referenced library describing the vulnerabilities.

There are a significant number of Fortune 500 companies as well as open-source projects contributing towards the CVE database and there is resource sharing amongst these contributors.

Why should Zel even be considering this?

It is simple, and it would demonstrate a very serious commitment to helping actively secure the space, which in turn will help with the following points:

  1. Demonstrate a high standard of practice and accountability on security issues. (Think listings and portfolio inclusion audits.)
  2. Help reward volunteer staff with credentials that may assist them later on in their careers with possible course credit and by demonstrating an understanding of basic security practices. Sure, they are only internal training documents, but should the process be successful, they will carry significant gravitas.
  3. Considerably enhance credibility with Zel’s customer base by consistently disclosing security information in a responsible manner while taking ownership of the process.
  4. The process in and of itself (registration or not) will ensure that there have been independent eyes on multiple components of Zel’s reporting and handling process at the policy level.
  5. The full and public publishing of the involved policies and processes will go about as far as possible towards encouraging responsible disclosure, which is what everyone wants.

If you look at the five points I have listed above, then it should be crystal clear that this is kicking things to the next level. Taking ownership and responsibility to this degree is rare anywhere in the crypto space.

What does this mean for me as a Miner, Zel Holder, Node Operator, or Potential Investor?

That you are interested in a project which is taking a proactive stance on security. And no, you are not being asked to take this at face value. Please be active, join the community Discord or Telegram, and verify the information provided above there and from other sources.

How do I support such a process?

The community became actively involved in enabling us to fund this crucial step. But the hard work does not stop there! Over the next several months we will be working on many new security initiatives, including bug bounties, internal audits, a disclosure agreements process and so much more. We take the security of this platform seriously, and the community has backed us in spades.

Learn more about the Bug Bounty Program here: https://zel.network/docs/ZelCommunityBugBountyProgram.pdf

Hop on Zel’s Discord and you will find a thread in the #announcement channel which outlines how you can support this process.

On behalf of the Zel team, thank you for reading!

-Bigpiggy01
