The release date for Facebook’s upcoming cryptocurrency Libra has not been disclosed yet, but the company is planning on an early 2020 release. To avoid post-launch bugs, Facebook is now offering up to $10,000 per bug (depending on the severity) to people who can find a flaw in Libra’s infrastructure that can cause a security risk.
The winner can choose to get paid in either fiat currency or cryptocurrency as the payout options include both.
Finding bugs before launching a blockchain-based product like Libra is very important, as fixing a post-launch bug in a cryptocurrency infrastructure is far more complicated and difficult than fixing one in an app or service, where updates can simply be rolled out.
The bug bounty program is also a great way to help the Libra digital currency gain the public’s trust. Since Facebook announced its Libra project 2 months ago, it has received negative feedback from US lawmakers who fear that this digital currency can be abused by criminals. The company has already promised that it will not launch the cryptocurrency until all such concerns of lawmakers have been addressed, a process that would take quite some time.
The bug-hunting offer is open to everyone, and can be accessed through the official hub page on HackerOne, which outlines the complete details of the bug bounty program. All you need to participate is a HackerOne account and the reward will be subject to the terms and HackerOne’s disclosure guidelines.
Reporting and Guidelines
The guidelines make it clear that the participants are not prohibited under the applicable law from receiving any product or service from the Libra Association or HackerOne. The severity of a reported issue will ultimately be determined by the Libra Association in its sole discretion, and participants should keep in mind that not every software bug causes security issues.
The report should describe a problem involving the security issues that have been listed under ‘In-Scope.’ The potential security issues that are excluded from this bounty program are listed as ‘Out of Scope.’ The report should also disclose whether the participant accidentally caused a privacy violation or disruption while investigating.
The report needs to be submitted through the Libra Security Page. Only one issue can be reported in a single report, which can be updated as well. The participants are not allowed to contact the Libra Association’s employees by any means and should only report the issue through the HackerOne forum.