Election App Voatz Just Got Kicked Out of a Major Bug Bounty Program

Bug bounty platform HackerOne severed ties with Medici Ventures-backed Voatz, the blockchain-based mobile voting app for breach of partnership standards.

The removal cuts off Voatz’ access to HackerOne’s network of “ethical hackers” who trade their expertise in finding code faults for cash. HackerOne partners with corporations interested in shoring up potential security vulnerabilities. Across 1,800 total relationships and eight years, selvom, it’s never before kicked a partner out, said representative Samantha Spielman.

Spielman said Voatz’ breach of “partnership standards” made the relationship unviable, despite the program’s past bug-hunting successes.

“As a platform, we work tirelessly to foster that mutually beneficial relationship between security teams and the researcher community," hun sagde. Spielman declined to elaborate on Voatz’ standards breach.

Voatz told CoinDesk in a statement that it regrets the relationship’s “temporary pause.” It said that HackerOne had caved to a “small group of researchers who, along with a few other members of the community, believe Voatz reported a researcher to the FBI.”

“This falsehood and misinformation has been a source of animosity toward Voatz and our partners, who face consistent attacks from these researchers,” the statement said.

West Virginia Secretary of State Mac Warner said in October 2019 that the FBI was investigating an attempted breach of the app during a pilot program in 2018. West Virginia has used the app in multiple pilots, and Warner maintains that no votes have been altered to date.

Voatz came under the spotlight in mid-February when a group of MIT researchers released a scathing write-up highlighting myriad apparent security flaws in the app. They alleged Voatz was essentially bunk, criticized its transparency and called up election officials considering the app to maybe think twice.

Voatz responded with its own torrent of criticism. In a sarcasm-laced februar 13 press release, it called the researchers’ report unfair and their “bad faith recommendations” irreparably flawed.

Imidlertid, earlier this month Trail of Bits published a report supporting the MIT researchersclaims. Voatz had commissioned Trail of Bits to analyze its platform.

Voatz began working with HackerOne in August 2018 and has paid out over $6,000 to researchers through “HackerOne and other avenues” since. It plans to announce its own bounty program “in the coming days.”

West Virginia has dropped its partnership with the company.

Afsløring Read More

Lederen i blockchain nyheder, CoinDesk er en medie, der stræber efter de højeste journalistiske standarder og overholder en streng sæt redaktionelle politikker. CoinDesk er en uafhængig drift datterselskab af Digital Valuta Group, der investerer i cryptocurrencies og blockchain opstarter.


Følg og kan lide os:

Efterlad et Svar

Dette websted bruger Akismet at reducere spam. Lær hvordan din kommentar data behandles.