Security Vulnerability Reporting

Strengthening Our Security, in Partnership with BugCrowd

As the world-leading blockchain infrastructure provider, Blockdaemon takes a security first approach to every aspect of our business. 

When it comes to security, we leave no stone unturned. It is why our clients trust us to deploy and maintain tens of thousands of nodes, across dozens of cutting edge networks.  A proactive approach to security is essential. As our business and technology scales at a rapid pace, so too does our vigilance. As part of this approach, we are pleased to announce our Vulnerability Disclosure Program, in partnership with BugCrowd, to further strengthen Blockdaemon’s armour. This partnership incentivizes and rewards security experts for identifying potential bugs. In the words of Vincent Kobel, Director of Security at Blockdaemon,

In the words of Vincent Kobel, Director of Security at Blockdaemon, “Constantly assessing the security of our applications and infrastructure is an essential part of our security program at Blockdaemon. Partnering with BugCrowd allows us to reach out to the global community and provide rewards in a streamlined fashion for any security researchers out there highlighting serious security issues.”

This partnership, and the benefits to both us and our clients, will evolve over time outlined in the 3 phases below:

Phase 1: Triage 

The first phase of the Vulnerability Disclosure Program has already started. This first phase will triage any incoming security bugs, by reporting them directly through the BugCrowd platform which you can fill out below. 

Phase 2: Private Managed Bug Bounty

By end of Q1 2022, we’ll kickstart the second phase called the “Managed Bug Bounty” program, with BugCrowd. 

This phase involves engaging private, crowd-sourced security researchers. These experts will attack (in a secure setting) and report vulnerabilities continuously, within a scope we’ll define to our partner BugCrowd. 

We’ll identify the researchers who report the highest-quality bugs or vulnerabilities. The quality will be assessed on criticality, meaning how important such findings are on Blockdaemon’s operations. From there, we’ll provide eligible researchers with monetary rewards. 

Phase 3 and Beyond

If successful, we’ll expand this program from semi-private to public. This will bring more eyes, expertise and experience. Together, this will allow us to identify and implement important changes and improvements to our platform. 

Wrap-Up

With the Vulnerability Disclosure Program program, Blockdaemon is taking strides towards a stronger future with even more robust security. By adopting such a program, we stand in line with industry best-practices. 

BugCrowd allows us to identify and remediate threats, before external bad actors. 

By leveraging best-in-class security researchers, with the help of BugCrowd, Blockdaemon is strengthening the shield surrounding our operations.