The Libra Association will launch a public bug bounty program this year as a major effort to strengthen the security of our blockchain. The Libra Bug Bounty Program will enable researchers to submit bugs and alert us to security and privacy issues and vulnerabilities early. It will encourage many more eyes on the blockchain design and implementation. With the launch of the Libra Bug Bounty Program, we strive to build an open and vibrant community of security and privacy researchers around the globe.
The Libra Bug Bounty Program reflects Libra’s principles of openness, transparency, and global access.
- Open and Vibrant Community: From the start, we have worked with a network of renowned researchers to solicit feedback and have woven their improvements into our design and implementation. As we progress, we want to continue to grow our research community, foster fruitful collaboration, and generate useful bug reports. We want to increase the reach and power of those helping to defend our blockchain for our users.
- Sharing Feedback: We want to highlight the best examples of the issues we reward. With our researchers’ permission, we will disclose and showcase the highest-quality submissions. We will be transparent about what was found and fixed to help everyone learn from these issues.
- Global Participation: The Libra Association is a global effort and so is the Libra Bug Bounty Program. We will be globally inclusive as we promote researcher contributions from all over the world and host bug bounty events in diverse locations.
Here is what you can expect from the Libra Bug Bounty Program when it is launched:
- Spotlights: Our bug bounties will scale its rewards based on severity and type. At times we will also highlight certain areas of the blockchain to attract research attention; we will offer bonus multipliers during these “spotlights.”
- Documentation and Easy On-Ramps: Blockchain hacking is difficult. We will strive to remove barriers to security research on our blockchain with best-in-class documentation and support. We will coordinate our developer and academic outreach efforts to amplify our reach and to assist with this onboarding.
- HackerOne Partnership: We will partner with HackerOne to support the Libra Bug Bounty Program. This tight partnership bolsters our commitment to bug bounty in both open source and blockchain programs.
We’re excited to open the Libra Bug Bounty Program to the public later this year. Please check back soon for more information.