
Topic: [ANN][AUDIT] AuditStarter - the main crowdfunding platform in software security (Read 419 times)

newbie
Activity: 15
Merit: 1
As part of the AuditStarter project, our CTO Dmitry Kotelnikov wrote a manifesto. We are really interested in your opinion on the idea to attract and interest the community of ordinary users in the problem of software security (especially in the field of blockchain, where, as a rule, there is no centralized support service that you can contact and get an answer - how, where and why the funds/data disappeared).

Manifesto

What do you know about software security? I think there is no need to explain how important this is. Every day you use software in which you are not completely sure. Hacks, vulnerabilities, theft of data and finances occur every day, and as systems become more complex over the years, the security problem becomes more acute. Now we are fully confident that the software developers themselves must provide secure code. And in this we are right, but it does not always turn out that way. Checking code for security or searching for vulnerabilities is often more expensive than writing the code itself.

Large companies are actively moving in this direction, providing us with a safe environment (operating systems). They have funds for security, they are able to release security updates in advance and conduct checks. But even they are at risk for many reasons, one of which is manifested in the absence of an independent parallel verification. Companies rely on their own security department, which can work very inefficiently. In addition to large software and OS development companies, there is user (custom) software. This market is huge, and it is also critically vulnerable in terms of security and user protection. As practice shows, even free software (open source code - anyone can check) does not provide the proper level of security: libraries and software with vulnerabilities remain in use for years. Developers very often rely on the competence of their colleagues or the community and use potentially dangerous code that no one has ever checked (an example is the use in WhatsApp of an open source library with a vulnerability, which is still in use by many applications). As for little-known software, the situation is even worse: the developers simply do not have enough money even for the simplest verification. There are many examples, but not here and not now. At the moment, I am trying to pay increased attention to this problem in general terms.

I believe that it is necessary to change the approach to checks and methods of searching for vulnerabilities and software security breaches. It is necessary to introduce new approaches, increase the number of checks, and attract the necessary funds for security with the participation of all interested parties. Necessary checks must be made in advance, rather than waiting for hacking and loss of information, counting losses and eliminating vulnerabilities after their use by hackers. In addition, I consider it necessary to reduce the cost of these checks and increase their availability. It is also necessary to change the approach of security specialists to their programs, moving from firefighting (fixing vulnerabilities after hacking) to fire protection (previously tested secure code).

At the moment, there already exists a lot of the necessary software for verification. Of course, its wider application is necessary. But no software can replace verification by a human. Certainly, the checks do not guarantee the elimination of all vulnerabilities in 100%, but they undoubtedly improve the quality and security of the code. Each parallel inspection also increases the probability of finding a vulnerability and increases the security of the software.

In the field of security, it is necessary to use blockchain technology, which will make it possible to create a unified decentralized database of signed verified software releases with a history of checks and verifiers. Also, the development of web3 requires enhanced integration between users and developers in the field of software security.

The main message of this manifesto is to get the attention of the user community to the safety of the software used. Users should not just rely on the integrity of developers. Users should be aware of whether the security checks for the software they use have passed. Users should be interested in bringing together user communities, developer communities, and software security professionals. Everyone will benefit from such a union. Users will have confidence that the software they use is safe, and developers will have confidence that their code is safe. Currently, user participation is necessary for many reasons, the main of which is the reduction in the cost of checks, an increase in the number of checks and feedback from specialists in the field of software security. The community of software users far exceeds the community of specialists in the field of software security. And even a small participation of users is able to significantly improve security and make us more confident in the future. Together we will make this world a little better!
newbie
Activity: 15
Merit: 1
Yes exactly. Can citizens (like the US) buy your tokens?

Because of well-known events (SEC), and because we are completely in the legal field - US citizens cannot purchase our tokens.
newbie
Activity: 7
Merit: 0
Yes exactly. Can citizens (like the US) buy your tokens?
newbie
Activity: 15
Merit: 1
What kind of restrictions do you have for token sale?

What do you mean, restrictions for citizens of some countries?
newbie
Activity: 7
Merit: 0
What kind of restrictions do you have for token sale?
newbie
Activity: 15
Merit: 1
The Pre-Sale will end on April 30, 2020.
legendary
Activity: 1960
Merit: 1026
I saw that you have a presale but I don't see any info regarding when this presale will end and how much is currently already sold?
newbie
Activity: 15
Merit: 1
Dear Colleagues,
We would like to see more constructive criticism of the project. It actually helps the project move forward.
Thanks in advance!
newbie
Activity: 15
Merit: 1
Thanks for the clarification. So it means you need to attract auditors to your platform? What are your selling points to them that will make them register on your website? Because most of the time, the services are only good at the start but as time goes by, either the services deteriorate or it is very tough to get clients. Do you have programs that will make both parties stay and utilize your platform?

I will quote my answer above:

Company auditors will be happy to join our platform. They do not lose anything, but only receive a constant influx of orders. Based on the fact that there will be enough auditors, competition will develop, and "natural selection" will accordingly take place on the basis of the rating.

The ideology of the platform is to make the audit of ANY software more accessible. We bring together communities of users, developers and auditors into a single whole. It’s like when UBER came to the market: using a taxi has become easier and more convenient (ordering a taxi through the application, and not like before - catching a car on the street or ordering by phone). And it has also become much cheaper.

Briefly for each group:

Users
The platform is an ideal place where ANY user can leave a request for verification of, for example, the Electrum wallet. I think now, after the hacking of this wallet has already happened, the user community will want to know about the possibility of additional vulnerabilities, and will support this campaign with contributions. The quantity of software used is very great. Software updates are constantly coming out. And they also need to be checked. Software audit is not only in demand in the blockchain ecosystem; there is much other software and the platform will work in all directions. However, it is here, in the blockchain ecosystem, that such a service is most in demand due to the complexity (relative novelty) of the technology, as well as the enormous financial losses incurred as a result of the actions of hackers in recent years.

Developers
The platform is an ideal place where developers can quickly find auditors, choose and pay for an audit. Or, if there is not enough money to verify their own code and their software is in demand, they can order an audit for free (via contributors).

Auditors
On the one hand, the Platform provides a constant stream of orders for auditors and guarantees payment, on the other hand, the rating system will stimulate them to carry out orders efficiently.

The ideal scheme for the interaction of all three sides of the software community.
sr. member
Activity: 1988
Merit: 275
The auditing aspect needs a sufficient number of staff to perform their duties satisfactorily. Aside from the 2 members published as part of the team, how many of your staff are really working on this project? At least an approximate number of people who are working full time for this platform?

AuditStarter does not conduct an audit on its own.
Audit companies register on the platform, including proven and well-known ones. Auditors are interested in the platform as a source of standing orders and the possibility of choosing them.

When a user initiates a new campaign (audit request) for any software, the auditors are notified of the new order. Auditors provide the cost of the audit and the deadlines of the audit campaign. The community of contributors selects an executor by voting.

In case a registered developer starts the audit campaign of his own software and fully guarantees payment, he selects the executor (auditor) on his own.

As for the team, we will certainly expand our team immediately after receiving the first investment.

Thanks for the clarification. So it means you need to attract auditors to your platform? What are your selling points to them that will make them register on your website? Because most of the time, the services are only good at the start but as time goes by, either the services deteriorate or it is very tough to get clients. Do you have programs that will make both parties stay and utilize your platform?
newbie
Activity: 15
Merit: 1
According to the auditors' application form on the web page, you do not have your own auditors and are going to use outsourced auditors. Then how can you tell that your idea of audit will be successful, if you don't have your own auditors and cannot be responsible for the auditors' experience?

The platform is not responsible for the experience of the auditors. Users themselves select the auditors from those declared for the audit campaign by voting. Whether an auditor is good or bad is decided by the community. The platform (as arranged in other similar services) only assigns a rating to auditors based on feedback from the community of contributors (after the final audit report is submitted, contributors can evaluate the auditor).

When filling out the auditor form on our platform, companies indicate the scope of their activities (blockchain, banking, apps, web, etc.) and also fill out data on their experience and previous audits (outside our platform). This information can be found in the profile of the auditor.

Company auditors will be happy to join our platform. They do not lose anything, but only receive a constant influx of orders. Based on the fact that there will be enough auditors, competition will develop, and "natural selection" will accordingly take place on the basis of the rating.

Users can vote against all candidates. In this case, the campaign will not be started. And even if the campaign has begun and force majeure has occurred (not completed / failed by deadlines, etc.), all collected funds will be returned to contributors.
legendary
Activity: 2492
Merit: 1215
According to the auditors' application form on the web page, you do not have your own auditors and are going to use outsourced auditors. Then how can you tell that your idea of audit will be successful, if you don't have your own auditors and cannot be responsible for the auditors' experience?
newbie
Activity: 15
Merit: 1
The auditing aspect needs a sufficient number of staff to perform their duties satisfactorily. Aside from the 2 members published as part of the team, how many of your staff are really working on this project? At least an approximate number of people who are working full time for this platform?

AuditStarter does not conduct an audit on its own.
Audit companies register on the platform, including proven and well-known ones. Auditors are interested in the platform as a source of standing orders and the possibility of choosing them.

When a user initiates a new campaign (audit request) for any software, the auditors are notified of the new order. Auditors provide the cost of the audit and the deadlines of the audit campaign. The community of contributors selects an executor by voting.

In case a registered developer starts the audit campaign of his own software and fully guarantees payment, he selects the executor (auditor) on his own.

As for the team, we will certainly expand our team immediately after receiving the first investment.
sr. member
Activity: 1988
Merit: 275
Often, developers take part of their own code from open sources that no one has tested. A lot of people think: this is open source and anyone can check it, but no one does this, relying on others. Some of the developers don't have time, some don't have money for an audit. Of course, developers are interested in a third-party audit. Especially if it is free for the developer. Moreover, according to the results of the audit, developers receive a confidential extended vulnerability report. And only a short audit report becomes public.

I didn’t ask about that. It’s clear that some developers will be happy with the free way to check their code. I asked: would another part of the developers want to show their bugs?

We are all human beings and we are all subject to errors. It would be better for the developer and his prestige if his mistakes are found during the audit and those mistakes are not used by hackers for personal benefit. So, yes! The developers themselves are interested in officially showing their vulnerabilities.

The auditing aspect needs a sufficient number of staff to perform their duties satisfactorily. Aside from the 2 members published as part of the team, how many of your staff are really working on this project? At least an approximate number of people who are working full time for this platform?
newbie
Activity: 15
Merit: 1
Often, developers take part of their own code from open sources that no one has tested. A lot of people think: this is open source and anyone can check it, but no one does this, relying on others. Some of the developers don't have time, some don't have money for an audit. Of course, developers are interested in a third-party audit. Especially if it is free for the developer. Moreover, according to the results of the audit, developers receive a confidential extended vulnerability report. And only a short audit report becomes public.

I didn’t ask about that. It’s clear that some developers will be happy with the free way to check their code. I asked: would another part of the developers want to show their bugs?

We are all human beings and we are all subject to errors. It would be better for the developer and his prestige if his mistakes are found during the audit and those mistakes are not used by hackers for personal benefit. So, yes! The developers themselves are interested in officially showing their vulnerabilities.
newbie
Activity: 7
Merit: 0
Often, developers take part of their own code from open sources that no one has tested. A lot of people think: this is open source and anyone can check it, but no one does this, relying on others. Some of the developers don't have time, some don't have money for an audit. Of course, developers are interested in a third-party audit. Especially if it is free for the developer. Moreover, according to the results of the audit, developers receive a confidential extended vulnerability report. And only a short audit report becomes public.

I didn’t ask about that. It’s clear that some developers will be happy with the free way to check their code. I asked: would another part of the developers want to show their bugs?
newbie
Activity: 15
Merit: 1
Well, apparently, since nobody criticizes, then everyone likes your idea. Question: are the developers themselves interested in officially showing their vulnerabilities?

Often, developers take part of their own code from open sources that no one has tested. A lot of people think: this is open source and anyone can check it, but no one does this, relying on others. Some of the developers don't have time, some don't have money for an audit. Of course, developers are interested in a third-party audit. Especially if it is free for the developer. Moreover, according to the results of the audit, developers receive a confidential extended vulnerability report. And only a short audit report becomes public.
newbie
Activity: 15
Merit: 1
Thank you for your attention to the project. We expected to see approximately such questions.

There is no whitepaper and roadmap yet, but is it still in process?
There was a technical delay. Now both the Whitepaper and Roadmap are available at the link above in the description, or here is a direct link to the WP.

 
Private sale - only 15% and it is divided into 2 rounds. Why is this sale a little compared to the others?
These funds (Private Sale, Token Sale 1, 2) are estimated to be enough for the full development, launch, promotion and functioning of the platform. In fact, this is the Hard Cap.

Token Reward - only 85% I mean, I don't understand if this is for the past campaign to be locked for 10 years.
Token Reward is not for sale. Token Reward is a reward to community members (contributors) for participating in campaigns (audit campaign contributions). Token economy (market value) directly depends on the absence of inflation. In order not to depreciate our AUDIT token, we block the entire amount of Token Reward for 10 years and will unlock it in equal parts every month to pay rewards to community members.
The token itself will be constantly in demand for contributions to the campaign and for payment to auditors. Therefore, we have a strong vision that the value of our token will be constantly maintained at the proper level.

Team - is the team just the two of us?
At the design and development stage, that was enough. Upon receipt of further investment, the team will certainly be expanded.

P.S. We will also take additional criticism of the project with pleasure and will answer your other questions.
sr. member
Activity: 1092
Merit: 250
There is no whitepaper and roadmap yet, but is it still in process?
Private sale - only 15% and it is divided into 2 rounds. Why is this sale a little compared to the others?
Token Reward - only 85% I mean, I don't understand if this is for the past campaign to be locked for 10 years.
Team - is the team just the two of us?
newbie
Activity: 7
Merit: 0
Minimanifesto
Crypto-hacking, theft of coins, software vulnerabilities and community reaction to this.


Ladies and gentlemen!
I get the impression that the constant numerous hacks and thefts of crypto assets (coins) through vulnerabilities in software have become commonplace in the crypto world. That is, no one is surprised by, for example, the hacking of one of the largest wallets (e.g. Electrum). It's like another fall of Elon Musk’s SpaceX Falcon rocket. Well, it fell and fell, someday it will definitely fly normally; well, hacked and hacked (stolen and stolen) - someday it will work normally and safely.
- This is a problem that affects EVERYONE in the cryptocurrency ecosystem.
- This is a problem that affects so many users in the world of conventional software.
- This is a headache for the developers themselves, who cannot (for various reasons) check / test their code for vulnerabilities.


Based on this, the concept of the Auditstarter crowdfunding platform was invented: any ordinary user (or developer) can submit, for free, a simple request for the inspection of any software. And if this request is supported by the community (contributors), then checking the code for vulnerabilities will be much easier, cheaper and faster. And this, actually, will make the software world more convenient and safer.

But I do not see any reaction from colleagues in the forum to this idea. You could, at least, write that this idea is cr@p, that this idea will not work because: ...
Well, apparently, since nobody criticizes, then everyone likes your idea. Question: are the developers themselves interested in officially showing their vulnerabilities?
newbie
Activity: 15
Merit: 1
Minimanifesto
Crypto-hacking, theft of coins, software vulnerabilities and community reaction to this.


Ladies and gentlemen!
I get the impression that the constant numerous hacks and thefts of crypto assets (coins) through vulnerabilities in software have become commonplace in the crypto world. That is, no one is surprised by, for example, the hacking of one of the largest wallets (e.g. Electrum). It's like another fall of Elon Musk’s SpaceX Falcon rocket. Well, it fell and fell, someday it will definitely fly normally; well, hacked and hacked (stolen and stolen) - someday it will work normally and safely.
- This is a problem that affects EVERYONE in the cryptocurrency ecosystem.
- This is a problem that affects so many users in the world of conventional software.
- This is a headache for the developers themselves, who cannot (for various reasons) check / test their code for vulnerabilities.


Based on this, the concept of the Auditstarter crowdfunding platform was invented: any ordinary user (or developer) can submit, for free, a simple request for the inspection of any software. And if this request is supported by the community (contributors), then checking the code for vulnerabilities will be much easier, cheaper and faster. And this, actually, will make the software world more convenient and safer.

But I do not see any reaction from colleagues in the forum to this idea. You could, at least, write that this idea is cr@p, that this idea will not work because: ...
newbie
Activity: 15
Merit: 1
Do you plan to list on exchanges? I didn’t find information on the site

Hello. We are now engaged in the study of the issue of where it is better to list the AUDIT token.

newbie
Activity: 7
Merit: 0
Do you plan to list on exchanges? I didn’t find information on the site
newbie
Activity: 15
Merit: 1
Reserved for future updates.
jr. member
Activity: 126
Merit: 7
https://www.auditstarter.com

SITE | MVP SCREENSHOTS | WHITEPAPER | TEAM | FOR AUDITORS | TWITTER | TELEGRAM | CONTACTS


P.S. Ladies and Gentlemen. We are constantly working on some changes or additions.
Some of the links above may not display correctly. In the near future we will definitely fix it.
Sincerely, Team AuditStarter

