Topic: [ANN] [HACKEN] FIRST DECENTRALIZED MARKETPLACE FOR WHITE HAT HACKERS - page 174. (Read 87326 times)

Each bug found can be used right against you if the hacker knows what he's doing. Some of the black hat ones doesn't even care about the money they would receive as long as they can taste the power of taking control over things. Just my vision, there is nothing wrong in this project @root
A good opportunity for hackers to find each other in one community don't you think?

reserving croatian translation

Good to see all those question aswered with details. I learned a lot about the project thanks to this discussion.

Thanks for your detail answer. What is more important is you take every question and answer it. I want to clarify my last question:

Let say a client hire Hacken platform to check its product vulnerability. Client paid bug bounty to Hacken platform to be release to successful candidate. Hacken platform propagate information regarding this project on blockchain. Now assume there are 10 bugs (I know that no body knows about exact number of bugs) with severity: 1 critical, 2 high, 3 low, 2 blocker and 2 trivial. One hacker found all but critical bug. He/she reports 9 bugs in the system. He/she gets paid. One hour later other hacker reports 6 bugs as 1 critical, 2 high and 3 low.

Will he be paid? Or he should not report as bug bounty is closed?

The question from @Maxicripto is also relevant. Why are we here? Just because of decentralize-trustless environment. Where law of code works not trust. In the Hacken platform we have to trust the negotiation servers and at the end humans. So first they have to be decentralize one way or another. But in my opinion it is technically impossible for a code to negotiate between real parties in the current scenario. So at least information should be encrypted and/or in a vault until client (if code is private) or client and public (if code is public) is satisfied. But my above question is still valid.

Regards,

Lalit

Thank you Hacken Project.  I see it now and am wearing the signature.  It looks like i'm the first person to sign up for the signature campaign.  Makes me feel special.  haha.   

Hallo!
Signature campaign codes could be find here -
https://medium.com/@hacken/hacken-bounty-campaign-6eaf46f956db

signature bounty section

Unreported Zero Day Remuneration Platform will acquire original and previously unreported zero-day research affecting major operating systems, software and devices, e.g. binary vulnerabilities.
The research submitted to Zero Day Remuneration Platform will be available via subscription feed. The access to Zero Day Subscription is now regulated in some jurisdictions and will be limited primarily to vendors and law enforcement agencies. The Platform will be subject to annual audit by one of the major auditing organizations.
Do you really think we will work for several years to acquire reputation and recognition in zero day cybersecurity market, which is very conservative, and then risk it all for a one time profit?

Thank you for your question - her is answer for it:
Your question consists of a number of separate questions of their own. We answer them in the order in which they are mentioned in your post:
‘I assume that only data related to product is shared on blockchain not the product release and source files itself’
This assumption is correct. We only use blockchain to issue HackenProof Vulnerabilities and Countermeasures Certificate and to prove authenticity of its contents ( number of vulnerabilities was fixed, client reaction) and timestamps. We store no customer sensitive information in the blockchain.
Now, if a white hacker finds bugs or vulnerabilities, where he/she will share this information, on the blockchain or to some centralized servers?
The researcher will share this information to our web portal HackenProof platform via bug bounty participant panel.
Who will authenticate that found bugs etc are relevant and hacker has to be paid for this?
The technical team of the client will investigate the vulnerabilities and determine whether they are relevant. The terms and rules of the bug bounty program will be stipulated by the document called policy.
Policy will contain all the information covering the depth and scope of the work to be performed by the researchers. It will explain to researchers what the customer needs.
We will also use policy as a proof of the customer’s intentions in an unlikely event of conflict between the client and the researcher regarding the relevance of the vulnerability that was discovered. If the client disagrees with our understanding of the policy, the incident will be submitted to the Public Board of Trustees of Hacken Ecosystem for further mediation.
And what if other hacker found more bugs in the same product? Will he/she paid again for this?
We are not sure we understand this question. The bug bounty program can have as many participants as the clients decides. They will be all submitting bug reports, which will be sorted chronologically and grouped by the issues covered.
The purpose of the bug bounty program is to discover as many bugs as possible within the scope determined by the client. Each participant of the bug bounty program gets paid proportionally to the number of bugs discovered, reported and accepted by the client.

When will the signature campaign codes available?  Thanks.

This projects looks promising. Im reading your whitepaper.

In the meantime, I already registered for translation and twitter bounties!

Good luck with your project

Ok, now the picture is somewhat clearer. Clients will use the Hacken platform and submit their product information and use Hacken Token for payment. I assume that only data related to product is shared on blockchain not the product release and source files itself. Now, if a white hacker find bugs or vulnerabilities where he/she will share this information, on the blockchain or to some centralized servers? Who will authenticate that found bugs etc are relevant and hacker has to be paid for this? And what if other hacker found more bugs in the same product? Will he/she paid again for this?

Hacken is a very interesting and unique project.  Hope to see some Mr. Robot's on the Hacken platform. 

Yes, you are right!Simply to say -Hacken is a token to buy-sell cybersecurity services.
Here is how Hacken Ecosystem help security professional and consumer linked with each other and about use of blockchain:

We are building platform, that is providing Cebersecurity services, and when clients of our platform sign the bug bounty program agreement, our team creates a relevant blockchain block containing data about the product, the terms of service agreement and a timestamp.
The next block of the chain, which is specific to this client, will contain information on vulnerabilities, discovered during our security research.
Also we will build Cybersecurity Analytics Center, with such areas of research: Blockchain security, vulnerabilities and countermeasures.
All services are charged ONLY in Hackens.

Nowadays, the most convenient way of making money is investing in something. But it is necessary to be in line with the latest trends not to lose your capital and make a fortune.
For this purpose, we have prepared a simple guide of how the price of Hacken's token will be formed and which value it would bring to each party.

You can read more here:

https://medium.com/@hacken/hackens-burning-principle-and-its-value-for-white-hat-hackers-and-investors-8f865e34d4d6

So, May I say that Hacken is a token to buy-sell cybersecurity services. But how Hacken Ecosystem help security professional and consumer linked with each other? What type of services or products can be distributed through blockchain technology and not by traditional markets.

This is interesting article feeling great about the future of this project. This concept is really awesome this one will be mega project in future the team is trying to bring a new revolutionary concept.

Good news!

White Hat Hackers Would Get Custom-Tailored Cryptocurrency very Soon


https://medium.com/@hacken/white-hat-hackers-would-get-custom-tailored-cryptocurrency-soon-6429aad91f48

Yes, Polish language is welcome.

Please send us the overview of your previous translation experience. Use this email address for that - [email protected]

Good read, following you on medium for more info.


BTW I want to reserve Polish translation and ask some questions but I didn't recieved an answer from bounty manager in a few days.

If you wonder -  How HackenProof Marketplace can and will help SME?

https://medium.com/@hacken/how-hackenproof-marketplace-will-help-sme-b8d16fbfb1d9

Read our Medium blog for interesting features about Hacken.