[bitcoin-dev] Mock introducing vulnerability in important Bitcoin projects
Prayank
prayank at tutanota.de
Mon Sep 27 01:52:41 UTC 2021
Good morning Bitcoin devs,
In one of the answers on Bitcoin Stackexchange it was mentioned that some companies may hire you to introduce backdoors in Bitcoin Core: https://bitcoin.stackexchange.com/a/108016/
While this looked crazy when I first read it, I think preparing for such things should not be a bad idea. In the comments one link was shared in which vulnerabilities were almost introduced in Linux: https://news.ycombinator.com/item?id=26887670
I was thinking about lot of things in last few days after reading the comments in that thread. Also tried researching about secure practices in C++ etc. I was planning something which I can do alone but don't want to end up being called "bad actor" later so wanted to get some feedback on this idea:
1.Create new GitHub accounts for this exercise
2.Study issues in different important Bitcoin projects including Bitcoin Core, LND, Libraries, Bisq, Wallets etc.
3.Prepare pull requests to introduce some vulnerability by fixing one of these issues
4.See how maintainers and reviewers respond to this and document it
5.Share results here after few days
Let me know if this looks okay or there are better ways to do this.
--
Prayank
A3B1 E430 2298 178F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210927/529cb592/attachment-0001.html>
More information about the bitcoin-dev
mailing list