Facebook is gunning to get more external contributions to the cryptocurrency project Libra, starting with a bug bounty program that pays security researchers up to $10,000 in rewards.
The Libra Association, a nonprofit backed by a coalition of companies like Visa and PayPal that are interested in supporting Facebook’s new blockchain ecosystem, previously announced plans for the bounty program that went live Tuesday.
“There’s a variable amount of rewards based on bugs,” Diogo Monica, Anchorage cofounder and Libra Association member, told CoinDesk. “This is great for the [Libra] community, this is consistent with the values of the [infosec] community in general.”
This bug bounty program attracted unanimous praise from association members, an important political step even beyond technical benefits. The Financial Times reported earlier this month that two of these firms might pull out entirely due to regulatory concerns. For example, U.S. Rep. Maxine Waters (D-Calif.), who heads the House Financial Services Committee, released a statement on Sunday repeating her concerns about “allowing a large tech company to create a privately controlled, alternative global currency.”
Within that context, fostering volunteer contributions to open-source aspects of the project may be more important than ever. As such, the Libra Association is expanding the beta program with 50 external researchers to welcome any member of the public to report vulnerabilities in the code, through a partnership with the HackerOne bug bounty platform.
“We hope that developers will bring a diversity of perspectives and expertise to this initiative while holding the Libra Blockchain to the highest security standard,” Aanchal Gupta, security director at Facebook subsidiary Calibra, said in a statement.
Such bounty programs are the norm in cybersecurity circles, offering significant value to the project with regards to both insights and public trust. Plus, Libra Association communications lead Dante Disparte added that the Libra testnet is still under development. As such, vulnerabilities found now could significantly impact the final version.
“Some of the initiatives that Libra Association is doing is very forward-thinking,” Jesse Spiro, head of policy at the blockchain analytics firm Chainalysis, told CoinDesk. “Having problems that are already beginning to be identified, by being very proactive and strategic, is a good thing.”
Overall, there are already developers experimenting with the Libra testnet, including dozens of teams that applied to the Libracamp program based in Israel, which isn’t officially affiliated with Facebook.
With regards to regulatory concerns, Disparte concluded the bug bounty press release by saying:
“We will not launch the Libra Blockchain until regulatory concerns have been taken into account and required regulatory approvals have been received.”
Facebook image via Shutterstock