Author: Matt Corallo 2017-09-10 23:02:36
Published on: 2017-09-10T23:02:36+00:00
A discussion on altcoins running old, unpatched forks of Bitcoin Core and the difficulty in disclosing issues without putting people at risk is encouraged. This was prompted by concerns over dos issues which are preventing the release of the alert key. Simon Liu via bitcoin-dev suggests discussing "Bitcoin and CVEs" following Chris Jeffrey's presentation at the Breaking Bitcoin conference and subsequent discussions around responsible disclosure and industry practice. The post refers to a list of Bitcoin Common Vulnerabilities and Exposures (CVEs) on the en.bitcoin.it wiki. There have been no new CVEs posted for almost three years except for CVE-2015-3641, but there appears to be no information publicly available for that issue. The post highlights the importance of patching known vulnerabilities in the community of clients and altcoins derived from Bitcoin Core and asks if anyone keeps track of security related bugs and patches where the defect severity is similar to those found on the CVE list above, and if so, can that list be shared with other developers.
Updated on: 2023-05-20T03:50:59.455913+00:00