Distributed database that is used to maintain a continuously growing list of records, called blocks
Today, July 23th, Parity Technologies anounced the launching of their bug bounty program, following the vulnerability found in the Parity wallet, which resulted in at least $30 million theft.
As the company reports in its blog, the recent events have shown them that it's not always enough to have good programmers, open-source software and peer reviews in order to ensure no critical bugs make it through to release. Yet, there is inevitably some degree of duplication that this regrettably implies across any given software's user base.
Thus, Parity is starting a bug-bounty program. In other words, the team appeals to the community to help itself.
In order to minimise any potential technical security issues the bounty funds will be initially collected into a cold-wallet account managed by Parity, the company claims. This will be transitioned into a multi-sig once Parity has finalised who the trustees/"owners" of the multi-sig will be that will judge and administer any payments to be made from the fund.
Parity bug bounty program
Anyone who would like to contribute to the Bug Bounty Programme should send funds to the address shown on the screenshot or if using Parity Wallet, the name
Is an open-source blockchain-based distributed computing platform featuring smart contract functionality, which facilitates online contractual agreements
The program will initially cover the Parity Ethereum client for the latest released versions of
stable branches, together with staging branches during the QA period prior to a release. It will be a narrow-focussed fund covering specifically security issues, rather than more general setup, crashing or consensus issues. Depending on feedback from donors, this may be extended in scope at a later time, to cover areas of consensus and other clients and infrastructure that do not currently have a bug-bounty program, ParityTech claims.
The initial targets of this will be Parity's key management (to ensure secrets cannot be compromised or misused), Parity's auto-update
Operations contract and Parity's multi-signature
In addition, Parity will be reaching out to a number of well-respected security professionals and teams to create a club of bounty-hunters in the near future.