The Hyperledger project has opened the doors of its bug bounty program to the public.
The Hyperledger infrastructure is being developed to support cross-industry uses of distributed ledger technologies, which are most commonly associated with the exchange of cryptocurrency.
Hosted by the Linux Foundation, Hyperledger focuses on cross-industry support for distributed ledger frameworks, smart contracts, and libraries, and already supports a range of business-based blockchain frameworks and transactional applications.
Hyperledger is an important initiative for businesses that want to use the blockchain safely and with a potential ROI, and security is a crucial ingredient of the project's success.
Over the past six months, the Hyperledger team has operated a private bug bounty program with HackerOne. This allowed developers and security researchers to test the waters, ironing out any communication or disclosure issues before going public.
Now, Hyperledger has a public bug tracker, a full vulnerability disclosure policy, and compliance systems in place. The next stage, revealed on Tuesday by Hyperledger team member Dave Huseby, is the launch of a public bug bounty program.
The public program only includes Hyperledger Fabric at present as a target for bug hunters to ferret out vulnerabilities, but Hyperledger Sawtooth and other frameworks are on the radar and are expected to be added to the program soon.
HackerOne is hosting and administering the program. Rewards range from a minimum of $200 for a low-severity bug to at least $2000 for the discovery of a critical vulnerability.
"At Hyperledger we have a broad base of committed developers and it is their professionalism that makes our security process solid and straightforward," Huseby says.