Ripple recently announced the release of a new version of its software, Rippled 0.90.1. It is now taking things to the next level by announcing a bug bounty program on its official website. This addresses the issue of having to listen to frequent complaints about bugs in the software and also helps the Ripple team improve its technology.
Ripple made the announcement along with the terms and conditions under which a report qualifies for a bounty. It specified that the bounty will be given for identifying any security-relevant bugs in the software. It also stated that the definition of bugs includes exploits, vulnerabilities, and information about ongoing attacks against Ripple’s software.
These security bugs might enable a malicious user to bypass access controls. They might also cause the program to freeze or crash. This is what enables an attacker to hack the software and thereby take control.
Under the terms and conditions, for a report to be treated as a bug it must be strictly concerned with Ripple’s software and infrastructure only. Relevance is limited to security issues, and the bug has to be a danger to user funds, privacy or the operation of the Ripple network.
Ripple also mentioned that the bug should be original and unknown. This excludes bugs that have already been discussed publicly, thereby avoiding redundancy and saving a lot of time.
“We welcome general security advice or recommendations, but we cannot pay bounties for that. There has to be something we can do to permanently fix the problem. It is to be noted that in some cases, bugs in other people’s software may also be considered. For example, if you find a bug in a browser that compromises security in Ripple and we can get it fixed by talking to the browser vendor, you may qualify for a bounty.”
Ripple has strictly warned users against exploiting any bug and specified that it cannot be used to attack Ripple. It further said that the bounty will not be paid if Ripple finds out that the person who reported the bug is the attacker.
One of the Twitterati commented:
“Ingenious move by Ripple. This will save a lot of time and ensure safety since it is concerned with security bugs. Next level innovation from Ripple. Way to go guys!”