Why Are We Failing to Properly Manage Open Source Software Security?
https://secureplanet.io/1790/why-are-we-failing-to-properly-manage-open-source-software-security
Open source software drives innovation. But without proper management, it can also expose the consumer, commercial and industrial customers to privacy violations and data theft.
Topic: [ANN][ICO] Secure Planet - Github for IoT Security (Read 974 times)
Bite-Sized White Paper #7: Avoiding the “Chicken Versus Egg” Scenario Part 1
https://secureplanet.io/1777/bite-sized-white-paper-7-avoiding-the-chicken-versus-egg-scenario-part-1
In this edition of the Bite-Sized White Paper series, we discuss how Secure Planet plans to equip its database with both repository content and contributor attention.
https://secureplanet.io/1777/bite-sized-white-paper-7-avoiding-the-chicken-versus-egg-scenario-part-1
In this edition of the Bite-Sized White Paper series, we discuss how Secure Planet plans to equip its database with both repository content and contributor attention.
Meet Liz, Manager of Marketing at Secure Planet
https://secureplanet.io/1770/meet-liz-manager-of-marketing-at-secure-planet
Liz Ma is the Manager of Marketing at Secure Planet and an expert in customer relations, frequently communicating with experts in open source software industries all over the world.
https://secureplanet.io/1770/meet-liz-manager-of-marketing-at-secure-planet
Liz Ma is the Manager of Marketing at Secure Planet and an expert in customer relations, frequently communicating with experts in open source software industries all over the world.
Bite-Sized White Paper #6: Secure Planet Rep Token
https://secureplanet.io/1757/bite-sized-white-paper-6-secure-planet-rep-token
In this edition of the Bite-Sized White Paper series, we explore Secure Planet's Rep Tokens - what they are and how to acquire them.
https://secureplanet.io/1757/bite-sized-white-paper-6-secure-planet-rep-token
In this edition of the Bite-Sized White Paper series, we explore Secure Planet's Rep Tokens - what they are and how to acquire them.
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
The code being opened, whoever finds bugs or some vulnerability in the code, the reward will also be high? For example, I find a vulnerability in popular open source software developed by Secure, so the award will be high?
The bounty price is determined by the usage level of the open source project that contains the reported vulnerability. The more widely the open source project is used, the higher the bounty price of the associated vulnerability. In addition to the bounty, reporters may also receive a severity bonus. This additional remuneration will be awarded based on the severity and impact levels of the submitted vulnerability, determined by Secure Planet’s verifying community.
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
The code being opened, whoever finds bugs or some vulnerability in the code, the reward will also be high? For example, I find a vulnerability in popular open source software developed by Secure, so the award will be high?
Bite-Sized White Paper #5: Tokenized Incentives Prevent Inaccurate Cataloging
https://secureplanet.io/1730/bite-sized-white-paper-5-tokenized-incentives-prevent-inaccurate-cataloging
In this edition of the Bite-Sized White Paper series, we delve into the Secure Planet Tokens, the currency that flows through the Secure Planet ecosystem.
https://secureplanet.io/1730/bite-sized-white-paper-5-tokenized-incentives-prevent-inaccurate-cataloging
In this edition of the Bite-Sized White Paper series, we delve into the Secure Planet Tokens, the currency that flows through the Secure Planet ecosystem.
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like?
The severity of the security vulnerabilities, like the reporting of vulnerabilities themselves, will be determined through a crowdsourced voting process. Voting will take place for ten days and contributors must vote for one of two outcomes: 1) yes, the vulnerability is accurate and should be included in the database, or 2) no, the vulnerability not accurate and should be rejected from the database.
The “Yes” voters must also assign the “Vulnerability Score” using the CVSS calculator at
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Their submissions will be averaged out to derive the official Vulnerability Score.
Once Secure Planet reveals the majority vote, the verifiers who voted on the winning outcome will be rewarded with SPX and Rep Tokens. Verifiers who chose the losing vote will lose Rep Tokens and receive no SPX.
Does anyone hold a majority in the network in the beginning or is the network more or less evenly distributed?
For the on-chain network, we are building our DApp on an existing platform. As a result, the network distribution will reflect the platform’s policies.
As for the off-chain server, we are leveraging our partnerships to host it. The network will be evenly distributed among partners, and we plan to increase our partnerships.
Featured on JoongAng Ilbo: Using Blockchain to Address Open Source Security Vulnerabilities
https://secureplanet.io/1711/featured-on-joongang-ilbo-using-blockchain-to-address-open-source-security-vulnerabilities
Joongang Ilbo sits down with our CEO Tae-Jin Kang to discuss Secure Planet, as well as his experiences that led to the development of our initiative.
https://secureplanet.io/1711/featured-on-joongang-ilbo-using-blockchain-to-address-open-source-security-vulnerabilities
Joongang Ilbo sits down with our CEO Tae-Jin Kang to discuss Secure Planet, as well as his experiences that led to the development of our initiative.
How to Whitelist The Secure Planet Team
https://secureplanet.io/1704/how-to-whitelist-the-secure-planet-team
If you experience trouble viewing Secure Planet newsletters in your main inbox, read on to find out how to whitelist our email address – [email protected] – for Gmail and Outlook.
https://secureplanet.io/1704/how-to-whitelist-the-secure-planet-team
If you experience trouble viewing Secure Planet newsletters in your main inbox, read on to find out how to whitelist our email address – [email protected] – for Gmail and Outlook.
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like?
The severity of the security vulnerabilities, like the reporting of vulnerabilities themselves, will be determined through a crowdsourced voting process. Voting will take place for ten days and contributors must vote for one of two outcomes: 1) yes, the vulnerability is accurate and should be included in the database, or 2) no, the vulnerability not accurate and should be rejected from the database.
The “Yes” voters must also assign the “Vulnerability Score” using the CVSS calculator at
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Their submissions will be averaged out to derive the official Vulnerability Score.
Once Secure Planet reveals the majority vote, the verifiers who voted on the winning outcome will be rewarded with SPX and Rep Tokens. Verifiers who chose the losing vote will lose Rep Tokens and receive no SPX.
Does anyone hold a majority in the network in the beginning or is the network more or less evenly distributed?
Secure Planet FAQ #2: Who Determines the Severity of a Vulnerability?
https://secureplanet.io/1670/secure-planet-faq-2-who-determines-the-severity-of-a-vulnerability
The severity of the security vulnerabilities, like the collection of vulnerabilities themselves, will be determined through a crowdsourced voting process.
https://secureplanet.io/1670/secure-planet-faq-2-who-determines-the-severity-of-a-vulnerability
The severity of the security vulnerabilities, like the collection of vulnerabilities themselves, will be determined through a crowdsourced voting process.
Bite-Sized White Paper #3: The First Bug Bounty Program for Open Source
https://secureplanet.io/1660/bite-sized-white-paper-3-the-first-bug-bounty-program-for-open-source
In this edition of the Bite-Sized White Paper series, we explore the need in the market for a security solution that prioritizes OSS – and how Secure Planet can fill this gap.
https://secureplanet.io/1660/bite-sized-white-paper-3-the-first-bug-bounty-program-for-open-source
In this edition of the Bite-Sized White Paper series, we explore the need in the market for a security solution that prioritizes OSS – and how Secure Planet can fill this gap.
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like?
The severity of the security vulnerabilities, like the reporting of vulnerabilities themselves, will be determined through a crowdsourced voting process. Voting will take place for ten days and contributors must vote for one of two outcomes: 1) yes, the vulnerability is accurate and should be included in the database, or 2) no, the vulnerability not accurate and should be rejected from the database.
The “Yes” voters must also assign the “Vulnerability Score” using the CVSS calculator at
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Their submissions will be averaged out to derive the official Vulnerability Score.
Once Secure Planet reveals the majority vote, the verifiers who voted on the winning outcome will be rewarded with SPX and Rep Tokens. Verifiers who chose the losing vote will lose Rep Tokens and receive no SPX.
How Can Blockchain Technology Prevent IoT Security Breaches?
https://secureplanet.io/1636/how-can-blockchain-technology-prevent-iot-security-breaches
Blockchain promises individuals control over their own information, which is why Secure Planet will leverage this technology to create our vulnerability database.
https://secureplanet.io/1636/how-can-blockchain-technology-prevent-iot-security-breaches
Blockchain promises individuals control over their own information, which is why Secure Planet will leverage this technology to create our vulnerability database.
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like?
Bite-Sized White Paper #2: Open Source Software is a Low Hanging Fruit
https://secureplanet.io/1627/bite-sized-white-paper-2-open-source-software-is-a-low-hanging-fruit
In the second edition of these series, we weigh the merits of open source software against its risks - the combination of which make it a low-hanging fruit for hackers.
https://secureplanet.io/1627/bite-sized-white-paper-2-open-source-software-is-a-low-hanging-fruit
In the second edition of these series, we weigh the merits of open source software against its risks - the combination of which make it a low-hanging fruit for hackers.
Bite-Sized White Paper #1: IoT Security Trends and Challenges
https://secureplanet.io/1614/bite-sized-white-paper-1-iot-security-trends-and-challenges
The Bite-Sized White Paper series breaks down the Secure Planet white paper into shorter, digestible pieces so our readers can better understand what drives our mission.
https://secureplanet.io/1614/bite-sized-white-paper-1-iot-security-trends-and-challenges
The Bite-Sized White Paper series breaks down the Secure Planet white paper into shorter, digestible pieces so our readers can better understand what drives our mission.
Secure Planet on Coin Interview – November 6 @ 7PM Pacific Time
https://secureplanet.io/1602/secure-planet-on-coin-interview-november-6-7pm-pacific-time
Tune in to watch the Q&A with our CSO Andrew Jang and learn more about Secure Planet’s mission, technology, and next steps.
https://www.youtube.com/watch?v=qsOSpCiwvzk
https://secureplanet.io/1602/secure-planet-on-coin-interview-november-6-7pm-pacific-time
Tune in to watch the Q&A with our CSO Andrew Jang and learn more about Secure Planet’s mission, technology, and next steps.
https://www.youtube.com/watch?v=qsOSpCiwvzk
Secure Planet FAQ #1: How Many Tokens Can I Earn as a Contributor?
https://secureplanet.io/1586/secure-planet-faq-1-how-many-tokens-can-i-earn-as-a-contributor
The popularity of the open source software project and the severity of the detected vulnerability will determine the amount of tokens a contributor can earn.
https://secureplanet.io/1586/secure-planet-faq-1-how-many-tokens-can-i-earn-as-a-contributor
The popularity of the open source software project and the severity of the detected vulnerability will determine the amount of tokens a contributor can earn.
Jump to: