The Libra Association, backed by 28 companies including MasterCad, Visa, PayPal, eBay, Uber, Lyft, Farfetch and, of course, Facebook/Calibra, says it has built its Bug Bounty program as a “major effort to strengthen the security of our blockchain.” And it wants developers worldwide to identify bugs and flaws in the Libra blockchain before it arrives next year, when there will be real money from presumably millions of people at stake. According to the Libra Association, security researchers should know that the Libra’s blockchain technology is still in testnet, an early-stage version of its code, and that it won’t be launching until regulatory concerns and approvals have been sorted out.
Michael Engle, Head of Developer Ecosystem at the Libra Association, said in a blog post that those who assist the organization in discovering “the most critical issues” can receive up to $10,000 in rewards per bug report. That said, the Libra Association told Engadget it could pay more more or less than that sum, based on the type of vulnerability that someone brings to their attention.
Engle added that the goal with the Libra Bounty program is to encourage members of the security community to scrutinize the blockchain — which, to be clear, won’t feature any actual money during this test — and help the Libra Association find even the most subtle bugs. “With the launch of the Libra Bug Bounty, we are excited to build an open and vibrant network of security and privacy researchers around the globe,” he said. “We know it will take a global community to launch a global cryptocurrency, and we are committed to taking the time to get this right.”
Given that Facebook spearheaded the Libra Association, this bug bounty program shouldn’t come as a surprise. Facebook has been crowdsourcing security efforts for years now, having awarded millions of dollars to tipsters to date. Just last week, in fact, the company announced the expansion of its Data Abuse bounty program to Instagram, which will reward researchers who report third-party services that may be exploiting user data on the popular app.