NFT Scams: How They’re Hurting The Market
Read to be aware, learn new things, and know how to secure yourself from NFT scams.
🇺🇦 Hacken stands with Ukraine!Learn more
Crowdsourced security is a cybersecurity approach to protect digital assets from hackers using the public pool of whitehat researchers.
Not all development teams have the internal expertise to detect bugs and vulnerabilities.
That is why crowdsourcing security is useful for smaller teams.
For larger organizations, crowdsourced security means that the company can employ fewer full-time employees. This helps reduce their cost structure.
One of the popular ways to crowdsource security is to place a bug bounty on your application. When you set up the bug bounty, you are hosting a public pentest with as many researchers as possible.
Think of it this way. Security researcher is limited by their knowledge and experience. A single researcher can perceive app vulnerabilities that others may dismiss.
When you set up a large group of researchers, they cross-cover each other for their lack of perception.
Most popular bug bounty platforms offer a direct connection between the bounty hunters and developers through DevOps platforms like GitHub or GitLab. In some cases, security researchers can help developers with a solution.
Bug bounties are designed in a way to reward security researchers for the bugs that they discover.
For example, you can allocate $50,000 for the bug bounty program.
Then, you would need to categorize bugs by their severity.
Basically, how much damage they can do to your company’s revenue flow:
There should be a reward range for every severity level.
For example, low-severity bugs may go up to $500 per bug.
While critical-severity bugs may reach $15 000 per bug.
You can set up bug bounties in 2 ways:
Setting up self-hosted bug bounties is a complex procedure.
Here’s what the basic plan for it would look like:
Be aware that security rating platforms do not favor self-hosted bug bounties. It’s because the rating platforms cannot properly evaluate internal processes.
Publishing bug bounties on marketplace platforms is easier because they take care of most of the work from the above plan. You’d save financial and time costs on development, management, and marketing.
To publish a bug bounty for a Web3 project, you will need to find a platform like HackenProof and prepare only this info:
Here’s an example of the bounty info from HackenProof.
There are many bug bounty solutions available, but only a few of them are tailored specifically for web3 projects like exchanges, DEXes, wallets, and dApps.
The most popular crowdsourced security platforms are:
Security researchers on these platforms scan general software vulnerability categories like:
Here are the bug bounty platforms for web3 projects we’re aware of:
These solutions employ researchers who are not limited to detecting only classic bugs. They can also find vulnerabilities hidden in smart contracts and blockchain protocols.
We’ve prepared a business guide that compares 6 bug bounty solutions for blockchain companies:
Click here to get this guide and you’ll save yourself at least 50 hours of research.