Responsible disclosure of bugs
Summary:

In a recent post to bitcoin-dev, Sergio Demian Lerner raised concerns that researchers are unable to report vulnerabilities already reported to Bitcoin to the alt-coins, which have different disclosure policies. The author of the reply agreed with Lerner's point but wanted to clarify the use of "can't": if someone chooses to report an issue to the Bitcoin project, they are at the project's mercy as to how it is handled; but if the researcher wants to go ahead and report a common issue to another project with a different approach, they can. The author encouraged otherwise for issues that warrant it. In Bitcoin, most of the serious issues encountered so far were found by people "inside the project." That has not been so obviously the case for the other open source projects the author has been involved with, although finding additional issues in Bitcoin often requires specialized experience that few people outside the regular contributors have. Mozilla and the Chrome project likewise fix serious issues based on internal discoveries that they do not make public, though they may coordinate with distributors on some of them. These experiences led the author to advise that no computer that has ever run a web browser should be considered strongly secure.


Updated on: 2023-05-20T03:47:35.812336+00:00