Facebook is gunning to get more external contributions to the cryptocurrency project Libra, starting with a bug bounty program that pays security researchers up to $10,000 in rewards.
“There’s a variable amount of rewards based on bugs,” Diogo Monica, Anchorage cofounder and Libra Association member, told CoinDesk. “This is great for the [Libra] community, this is consistent with the values of the [infosec] community in general.”
This bug bounty program attracted unanimous praise from association members, an important political step even beyond technical benefits. The Financial Times reported earlier this month that two of these firms might pull out entirely due to regulatory concerns. For example, U.S. Rep. Maxine Waters (D-Calif.), who heads the House Financial Services Committee, released a statement on Sunday repeating her concerns about “allowing a large tech company to create a privately controlled, alternative global currency.”
Within that context, fostering volunteer contributions to open-source aspects of the project may be more important than ever. As such, the Libra Association is expanding the beta program with 50 external researchers to welcome any member of the public to report vulnerabilities in the code, through a partnership with the HackerOne bug bounty platform.
“We hope that developers will bring a diversity of perspectives and expertise to this initiative while holding the Libra Blockchain to the highest security standard,” Aanchal Gupta, security director at Facebook subsidiary Calibra, said in a statement.
Such bounty programs are the norm in cybersecurity circles, offering significant value to the project with regards to both insights and public trust. Plus, Libra Association communications lead Dante Disparte added that the Libra testnet is still under development. As such, vulnerabilities found now could significantly impact the final version.
“Some of the initiatives that Libra Association is doing is very forward-thinking,” Jesse Spiro, head of policy at the blockchain analytics firm Chainalysis, told CoinDesk. “Having problems that are already beginning to be identified, by being very proactive and strategic, is a good thing.”
Overall, there are already developers experimenting with the Libra testnet, including dozens of teams that applied to the Libracamp program based in Israel, which isn’t officially affiliated with Facebook.
With regards to getting regulatory sign-off, Disparte said in a statement:
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.