Potential Prospects [Security Contacts] for Posting Bug Bounties #6

@hatgit

User Story

Security contacts are often the first point of contact for a penetration tester or person reporting a bug that is either related to the security contact's software or one of its dependencies. As part of industry best practices for companies to post bug bounty programs to encourage bounty hunters and researchers to report them for a reward, it would make sense to compile a list of such contacts that could be candidates to post bug bounties on Gitcoin.

Why Is this Needed

More devs will examine the code/software of the company posting the bounty on Gitcoin, allowing a magnifying glass to be focused on various parts of the code that a bug-bounty is assigned to, such as critical processes or the most important code snippets that relate to financial transactions or sensitive user data, which companies are willing to pay to help safeguard.
Summary:

Description

Security research firm Trail of Bits recently compiled a blockchain-focused list that could be a good basis for contacts: https://github.com/trailofbits/blockchain-security-contacts
Type:

Current Behavior

More bug bounties needed on Gitcoin and every blockchain company should have a bug bounty program and publish each level of severity as a bounty on Gitcoin.

Expected Behavior

Have quick access to contact security specialists at blockchain firms who may be interested in participating by posting their existing bug bounty program on Gitcoin.

Definition of Done

Get at least one or more new bug bounty posted to Gitcoin from a blockchain company from the above list or from new prospects added to a list that would need to be created for internal or public use.

Additional Information

Potentially propose a format/spec document that could be tailored specifically for bug bounties that could help guide companies interested in posting their bug bounty program on Gitcoin.
