Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Project Development
Re: Kristov Atlas' Bitmessage security audit
by
bitcomsec
on 29/11/2014, 07:21:49 UTC
Hey,

We talked on reddit a bit back and although I agree an audit of BitMessage is essential the problem is simply paying someone over $6k in BTC for an audit is a waste.

He is one man, with his own specific set of skills. You need an entire community of security researchers to audit BitMessage as they all will be able to provide their different skillsets to the table.

I suggested before to use a bug bounty program like:

- hackerone.com
- bugcrowd.com
- crowdcurity.com

HackerOne or BugCrowd will more than likely yield you real results. You don't pay for one audit. You pay per bug disclosure. When you submit BitMessage to a bug bounty program like the above not only does my security team (BITCOMSEC), and Atlas audit the code, but also another 20,000 security researchers from around the world with different skills and experience will provide you REAL results.

I really do hope that you listen to what I'm telling you and look at the alternative. Relying on one security audit is dangerous for the project. You give people a sense of false security.

Cheers!
Mike