Election App Voatz Just Got Kicked Out of a Major Bug Bounty Program
Bug bounty platform HackerOne severed ties with Medici Ventures-backed Voatz, the blockchain-based mobile voting app, for breach of partnership standards.
The removal cuts off Voatz' access to HackerOne's community of "ethical hackers" who trade their expertise finding code flaws for money. HackerOne partners with companies interested in shoring up potential security vulnerabilities. Across 1,800 total relationships and eight years, though, it has never before kicked a partner out, said representative Samantha Spielman.
Spielman said Voatz' breach of "partnership standards" made the relationship unviable, despite the program's previous bug-hunting successes.
“As a platform, we work tirelessly to foster that mutually beneficial relationship between security teams and the researcher community,” she said. Spielman declined to elaborate on Voatz' standards breach.
Voatz told CoinDesk in a statement that it regrets the relationship's “temporary pause.” It said that HackerOne had caved to a “small group of researchers who, along with a few other members of the community, believe Voatz reported a researcher to the FBI.”
“This falsehood and misinformation has been a source of animosity toward Voatz and our partners, who face consistent attacks from these researchers,” the statement said.
West Virginia Secretary of State Mac Warner said in October 2019 that the FBI was investigating an attempted breach of the app during a pilot program in 2018. West Virginia has used the app in several pilots, and Warner maintains that no votes have been altered to date.
Voatz came under the spotlight in mid-February when a group of MIT researchers released a scathing write-up highlighting myriad apparent security flaws in the app. They alleged Voatz was essentially bunk, criticized its transparency and called on election officials considering the app to maybe think twice.
Voatz responded with its own torrent of criticism. In a sarcasm-laced February 13 press release, it called the researchers' report unfair and their “bad faith recommendations” irreparably flawed.
However, earlier this month Trail of Bits published a report supporting the MIT researchers' claims. Voatz had commissioned Trail of Bits to examine its platform.
Voatz began working with HackerOne in August 2018 and has paid out over $6,000 to researchers via “HackerOne and other avenues” since. It plans to announce its own bounty program “in the coming days.”
West Virginia has dropped its partnership with the company.
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.