Bitcoin and CVEs



Summary:

Simon is concerned about vulnerabilities in Bitcoin that may have been fixed but not publicly disclosed. He refers to a list of Bitcoin Common Vulnerabilities and Exposures (CVEs) that has not been updated for almost three years, except for CVE-2015-3641. However, there appears to be no information available on that issue. Simon suggests that it would be beneficial for end users if clients and altcoins derived from Bitcoin Core could be patched for known vulnerabilities. He asks whether anyone is keeping track of security-related bugs and patches similar in severity to those found on the CVE list, and whether that list can be shared with other developers. Simon is also concerned that if fixes have been committed with discreet log messages, it may be difficult for third parties to identify and assess the importance of any critical patches. Lastly, Simon is curious to know what has changed since 2014 that resulted in the defect rate, at least based on the list of publicly reported CVEs, falling to zero. He wonders whether there was a change to the development process or the introduction of a bug bounty.


Updated on: 2023-05-20T01:05:12.233427+00:00