Responsible disclosure of bugs



Summary:

The bitcoin-dev mailing list has been discussing the challenges of disclosing vulnerabilities in altcoins that are running old, unpatched forks of Bitcoin Core. Matt Corallo expressed concern over the difficulty of disclosing issues without putting people at risk and encouraged discussion on reasonable approaches to take. Simon Liu also brought up the topic of "Bitcoin and CVEs," which had gone unanswered for six months. He suggested the community of clients and altcoins derived from Bitcoin Core could be patched for any known vulnerabilities, and asked if anyone kept track of security-related bugs and patches. The discussion also touched upon the decentralized nature of the network and the challenge of forcing everyone to update. Suggestions included a timeout period for vulnerabilities, during which users would be expected to patch before the vulnerabilities are published.


Updated on: 2023-06-12T18:41:04.196783+00:00