Board: Project Development
Re: Kristov Atlas' Bitmessage security audit
by cryptopinion on 29/11/2014, 09:00:46 UTC
Hi Mike!

Thanks for getting in touch.

We got in touch with two of the three services you mentioned, and spoke with their representatives. Neither would agree to participate in a crowdfunding campaign.

For a crowdfunding campaign to work, the organization (or individual) that agrees to perform or otherwise organize (e.g. a bug bounty service) an audit must agree to become the beneficiary of funds raised. In the case of Kristov's audit, funds raised from the Kickstarter campaign will go directly to Kristov -- at no point will we hold or collect money.

There are legal barriers to us here at CryptOpinion.com soliciting funds for what would ostensibly be a Bitmessage fundraiser. We would have to start a full-blown non-profit or an Unincorporated Nonprofit Association. That approach is a complex issue, and could be a discussion for another time, though.

Kristov has a proven track record of delivering well-researched, thoughtful results. We are excited and appreciative that he has agreed to participate in a crowdfunding campaign. It reflects positively upon his character that he would be willing to put himself out there, and reflects negatively upon the bug bounty services that would not.

As an aside, you will notice that bug bounty programs on CrowdCurity, etc. are mostly (not all) set up by for-profit entities that have the resources necessary to fund bounties fully with their own money. Bitmessage, though, is an open-source protocol. This throws a wrench into things, to put it simply.

Also, for full disclosure, you said on reddit that if we were to set up a bug bounty program, your group would participate. Therefore, given your group would supposedly benefit financially from a bug bounty program, it should be taken with a grain of salt when you say we are "giving people a false sense of security."

We are extremely pleased to have Kristov as Bitmessage's code auditor. In fact, we would prefer him over a bug bounty program.