The Cardano Foundation and global hacker community HackerOne have partnered to launch Cardano’s first Bug Bounty program that aims to strengthen its network against critical vulnerabilities or potential exploits.
Based in San Francisco with a presence in London, New York City, Singapore, and the Netherlands, HackerOne is a community of ethical hackers that offers bug bounty, VDP, and pentest solutions to companies that want to verify cybersecurity vulnerabilities.
Many establishments, including the US Department of Defense, have used the company’s services. Other major companies, including Twitter, Google, Sony, Goldman Sachs, and Dropbox, have employed HackerOne capabilities to hack-proof their platforms.
According to the press release, HackerOne has served over 2400 clients and has submitted more than 230,000 valid reports.
The announcement included a statement from Jeremy Firster, Project Manager at the Cardano Foundation, who emphasized the importance of the program. He said:
“It is our duty to maintain the highest standards and commitment to code transparency and reliability to ensure that the protocol remains viable for mission critical applications delivered around the world from individuals, start-ups, enterprises, financial institutions, and governments alike.”
Adding that the program would ensure Cardano is the most thoroughly tested and diligently maintained blockchain, he commented:
“As the Cardano ecosystem continues to grow and new features are added to the ecosystem, it remains a priority to ensure the protocol is secure and that all bugs reported are addressed appropriately and transparently.”
Cardano is launching its major upgrade ‘Alonzo’ on 12 September, which introduces smart contracts to its platform.
HackerOne account manager Tor Abrams commented that no organization is fully protected from security breaches and the only solution is to detect them early before they are exploited by cybercriminals. He added:
“Ethical hackers can find vulnerabilities that automated scanners miss, by thinking creatively and identifying places where bugs could be ‘chained’ together to provide an exploit. This is something a scanner would not pick up.”
Abrams explained that over 76% of hackers are motivated by bounties. However, the majority (85%) want to learn and expand their skillset and over 62% want to advance in their careers. He also reported that nearly half of the hacker community “protect and defend businesses and individuals from cyber threats.”
The HackerOne website listed the bugs that are included in the scope of the program and the reward for finding them.