BitShares Forum
Main => Technical Support => Topic started by: freedom on October 29, 2015, 12:12:05 am
-
Why Bitshares 2 not gone through a security audit?
-
Great question. Awaiting response.
-
I think the crux of the matter is that no one wants to spend their money on a security audit. Do you think that your cost benefit analysis might come out a little differently if you were talking about spending out of your own pocket?
If it's cheap, we can always do a worker proposal for it. Has anyone looked into the cost? I'm guessing it's prohibitive enough that we wouldn't even be able to get a worker proposal passed.
-
I think that is a necessary worker proposal. It should be done. Its the exact purpose of worker which is to improve the platform. I would support it.
-
Is there certain individual or group people have in mind? I believe this would be a great worker proposal.
-
I am making some assumptions here, and I could be totally off base. If we get a price on this I would not be surprised to see it come in over $100k. I personally don't think we should spend $100k on a security audit. I think that would be a waste of money that we should be paying to cryptonomex to improve bitshares. If I am wrong and we can get an audit for significantly less then I would be all for it.
-
If we want to get big money flowing it may be a necessary cost.
-
where can I view the result's of bitcoin's security audit?
Coinmarket cap, cost 4 biliion dollars.
-
where can I view the result's of bitcoin's security audit?
They have a full time security auditor:
http://bitcoinfoundation.org/bitcoin/welcome-sergio-lerner/
http://www.coindesk.com/bitcoin-foundation-sergio-lerner-security-role/
http://cointelegraph.com/news/113097/meet-the-bitcoin-foundations-newest-core-security-auditor-sergio-demian-lerner
-
where can I view the result's of bitcoin's security audit?
They have a full time security auditor:
http://bitcoinfoundation.org/bitcoin/welcome-sergio-lerner/
http://www.coindesk.com/bitcoin-foundation-sergio-lerner-security-role/
http://cointelegraph.com/news/113097/meet-the-bitcoin-foundations-newest-core-security-auditor-sergio-demian-lerner
Sergio Lerner used to be security consultant for BitShares on III times; before becoming Bitcoin core security auditor.
If we were going for an audit, and if he finds the time to., I think SDL wold be our best option.
-
It's more cost effective to allow a bank or some other industry player looking to adopt to pay for this. It doesn't matter if we have it done, they would have it done again anyways.
Security audits tend to be of more concern to closed source projects for obvious reasons.. open source projects are open to peer review.. so anybody who finds anything can certainly report and contribute.
Some things just never get found in a timely manner though... anybody remember the bleeding heart not to long ago? :)
-
There is a way of free audit on daily basis thanks to this: https://bitsharestalk.org/index.php/topic,19625.0.html
Of course this is not a replacement for true security audit, but in my opinion, this could help with small bugs :)