Topic: Big Thanks to MultiBit for their security and privacy policies (Read 668 times)

legendary
Activity: 1708
Merit: 1066
Thanks a lot for your feedback.

We like to be transparent about security and privacy as they are so often overlooked.

We are obviously indebted to security researchers for discovering and raising issues.
I think offering publicity / permanent links to articles / thanks is probably more effective than a bug bounty as reputation is the real currency for security research.
full member
Activity: 233
Merit: 100
I find it so brilliant that you have such good and transparent documented principles and processes, like the ones linked in the bit-flipping attack vulnerability disclosure:

Responsible disclosure process.

Privacy policy

It's just so ideal and exemplary.

I have never seen such a good handling of security and privacy issues. To be good there, it's also significant to be simple and clear. And so few have the courage, to be it. In my experience, for good reasons.

The vast majority of IT projects/companies either are intransparent regarding security/privacy, or state that they have no policy or just store forever (like this forum project, see the answer for my request for a forum privacy policy statement here), or e.g. if you want to write a job application, I have never seen a PGP key offered for hopefully at least more secure transmission of the private data or a simple transparent privacy policy regarding that private application data.

So: Many, many thanks to You, that You give such good input to the IT world!

Regarding bug bounty: Maybe it would be a good motivation, to give security researchers some monetary benefit of their work. What about a bitcoin donation address for bug bounty?