The Libra Association launched its public bug bounty program on August 27, 2019. The Libra Bug Bounty program is intended to strengthen the security of the blockchain. It enables developers to submit bugs and alert the association to security and privacy issues and vulnerabilities to help ensure a scalable, reliable, and secure launch.
The program will encourage many more people with diverse skills and backgrounds to inspect and review the blockchain design and implementation. The Libra Bug Bounty program is part of a larger ongoing effort to build an open and vibrant community of security and privacy developers around the globe.
The Libra Bug Bounty program reflects the Libra Association’s principles of openness, transparency, and global access.
- Open and Vibrant Community: From the start, the Libra Association has worked with a network of renowned developers to solicit feedback and has woven their improvements into the design and implementation of the blockchain. As progress is made, it is crucial to continue to grow the research community, foster fruitful collaboration, and generate useful bug reports.
- Sharing Feedback: The highest quality submissions will be showcased (with permission) in order to highlight the best examples of the discovered issues the program has rewarded. There will be transparency around what has been found and fixed to help everyone learn from these issues.
- Global Participation: The Libra Association is a global effort and so is the Libra Bug Bounty program. The program will be internationally inclusive and will promote researcher contributions from around the world and host bug bounty events in diverse locations.
Here is what you can expect from the Libra Bug Bounty program:
- Documentation and Easy On-Ramps: To help remove barriers to security research on the blockchain, best-in-class documentation and support will be provided. Developer and academic outreach efforts will be coordinated to amplify reach and to assist with onboarding.
- Rewards: There will be a rewards program that is designed to encourage members of the security community to dig deep and help find even the most subtle bugs. Payouts will scale up to $10,000 for critical issues on the testnet.
- HackerOne Partnership: The Libra Association has partnered with HackerOne to support the Libra Bug Bounty program. This tight partnership bolsters the commitment to bug bounty in both open source and blockchain programs.