This is why we built a nostr native bounty marketplace that can grant FOSS devs assurances through reputation and dispute resolution: resolvr.io

But we need more help! https://discord.com/invite/DsqRw8My4m

nostr:nevent1qqs8399hklt34whxg4s4le6l0kkta7xct57yhkxmump8kfs9n9h7asqppemhxue69uhkummn9ekx7mp0qgs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30grqsqqqqqpveprcm


Discussion

I'm curious, do you have interest in incorporating bug bounties as well at some point? I think the bug bounty industry is fascinating. Bugs are verifiable, important to get fixed, and accessible to anyone with basic means.

Bug bounties are a slightly different model, requiring more sensitive disclosure methods and possibly escrow (of both code and payout). But we have thought about it.

Would be interested in more input or designs for bug bounties.

There is some interesting work being done with regard to creating trust-minimizing mechanisms via zk-proofs. Here's an excerpt from the firm Trail of Bits:

"Why ZK proofs of exploitability?

Software makers and vulnerability researchers have a contentious relationship when it comes to finding and reporting bugs. Disclosing too much information about a vulnerability could ruin the reward for a third-party researcher while premature disclosure of a vulnerability could permanently damage the reputation of a software company. Communication between these parties commonly breaks down, and the technology industry suffers because of it.

Furthermore, in many instances companies are unwilling to engage with security teams and shrug off potential hazards to user privacy. In these situations, vulnerability researchers are put in a difficult position: stay silent despite knowing users are at risk, or publicly disclose the vulnerability in an attempt to force the company into action. In the latter scenario, researchers may themselves put users in harm’s way by informing attackers of a potential path to exploitability.

ZK proofs of exploitability will radically shift how vulnerabilities are disclosed, allowing companies to precisely define bug bounty scope and researchers to unambiguously demonstrate they possess valid exploits, all without risking public disclosure."

source:

https://blog.trailofbits.com/2020/05/21/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/

https://www.darpa.mil/news-events/2021-04-22