Author: Alex Morcos 2017-09-11 11:34:33
Published on: 2017-09-11T11:34:33+00:00
A discussion has started on the bitcoin-dev mailing list about altcoins running old, unpatched forks of Bitcoin Core, which makes it difficult to disclose issues without putting people at risk. Matt Corallo suggests discussing "Bitcoin and CVEs", a topic that remained unanswered for six months. Simon Liu, another developer, requests information about security-related bugs and patches. Anthony Towns suggests having a responsible disclosure timeline in place, under which vulnerabilities are reported privately and details are shared with a small group of trusted users before official fixes are released. Two points make this more complicated: the number of altcoin developers, who may or may not behave responsibly with the information, and the fact that good security for Bitcoin is defined less by constant upgrading than by knowing that the definition of money has not changed. Not disclosing vulnerability information can give everyone a false sense of security and encourage people to ignore good security practices.
Updated on: 2023-06-12T18:41:41.080868+00:00