Libra Launches Bug Bounty Program, Rewards up to $10,000 for Critical Software Issues
The Libra Association has launched a bug bounty program for their testnet, with the goal of attracting more developers to audit their code base and reveal critical issues that could cripple the network, August 27, 2019. Rewards will go up to $10,000 depending on the severity of the bug, and Libra will reveal the most prominent bug reports on their website to give other coders a glimpse into what kind of bugs they should be looking for.
Given the size of Facebook and the number of large brand names backing Libra, it’s astonishing that they are opening a public bug bounty program.
It could be an attempt to cut fixed employee costs for the testers they would have had to hire, but it is still a positive move as it allows developers access to Libra’s code base.
The bug bounty program will be run on HackerOne, and the team has promised to publish detailed technical documentation to make it easier to understand the mechanics of the network.
Everyone around the globe is welcome to participate in the bounty, as Facebook claims this is their first step in creating a vibrant and honest community. As per the announcement, it seems like Facebook has already consulted with well-known developers to find flaws in their code base, and this public bug bounty is meant to help build a community while also allowing minor refinements to be made as issues are spotted.
Libra Association Members
It was reported that members of the Libra Association may be trying to disassociate themselves from the project out of fear of regulatory backlash.
On their website, Libra still lists prominent names like MasterCard, PayPal, Stripe, Spotify, and Vodafone amongst others.
From a custody perspective, Libra has onboarded three well-known custodial agents: Coinbase, Xapo, and Anchorage. BTCManager reported that Coinbase had acquired Xapo, and these three companies along with BitGo enjoy a monopoly on custody as of now.
An inference that can be made from the information above is that Libra could be completely held by custodians who move it from account to account – sort of like a bank.
Given that most of the consortium's members in the payments sector are reliant on the current financial system thriving, this is a possibility.