IOTA Announces Public Bug Bounty Program for Trinity Wallet
IOTA has announced that its Trinity Wallet bug bounty program is now open to the general public, following months of developer-focused bug hunting on Bugcrowd since the launch of the initial Trinity Wallet. In an announcement posted on its official blog on October 24, 2018, IOTA revealed that public users can now earn money for discovering bugs in the wallet, which is intended to serve non-technical IOTA community members.
Trinity Wallet Operating Framework
The Trinity wallet is currently a beta version of what will be a cross-platform crypto wallet designed for members of the IOTA community who are not involved in design or development. Since its release, it has enjoyed significant popularity with community members, offering them significant upgrades on previous versions in design, security, and platform compatibility.
Available on both desktop and mobile, the wallet was designed with React Native for Android and iOS devices, while the Linux, Windows and Mac OS versions were designed with Electron. The stated principal goal of the wallet is to improve security while offering a responsive and aesthetically pleasing user experience.
In line with normal development practice, a significant beta period was embarked on to enable adequate testing of the wallet’s security and operational framework, after which a bug bounty program was created on Bugcrowd to complement the development team’s effort with crowdsourced beta testing. Explaining why this was necessary in the announcement, IOTA said:
“The team has delivered a great product. However, even after the multiple external audits we’ve had on the Trinity Wallet, we understand that security isn’t something you ever finish. It’s a continual process.”
Public Bug Bounty Program
Following five months of running a private bug bounty program on Bugcrowd, IOTA is now bringing the general public in on its plans. According to IOTA, the purpose of this is to engage a global audience with the Trinity Wallet for fun, and hopefully to gather useful information in the process, including possible bugs. Users who discover bugs will be paid a bounty in line with the scale prescribed during the private bug bounty program.
The payment scale for bug finds will be based on the Bugcrowd Vulnerability Rating Taxonomy, which may be subject to upgrades or downgrades of bug priority at the discretion of the researchers. According to Bugcrowd, the payment for bug finds ranges from $100 for low priority bugs to as much as $1,500 for critical bugs.
There is a four-tier technical severity scale for bugs, marking them as low priority, moderate priority, severe priority, and critical priority. Moderate priority bug finds will be paid up to $300 and severe priority bug finds will be paid up to $900.
The move is IOTA's latest effort to bring its Trinity Wallet into the mainstream after it launched in June 2018.