ARK, a blockchain ecosystem, announced that it has sought out security and penetration testing services from the world’s leading crowdsourced security platform, Bugcrowd, on December 11, 2018. The move is part of a precautionary measure to find vulnerabilities in the ARK ecosystem.
Exposing Vulnerabilities with the World’s Best
The collaboration will take place once ARK takes full advantage of Bugcrowd’s array of public and private services. Reportedly, the private program will commence sometime this week, and the public plan is slated to begin in January 2019.
While ARK believes that its in-house security infrastructure is robust, it revealed its reason for tying up with Bugcrowd in a blog post. Travis Walker, the co-founder of ARK, said:
“While the ARK team and the community know the blueprint of their ship quite well, it is often the eyes of outside examiners who can provide a fresh look from a different angle. Bugs and security vulnerabilities can be found that may never have been apparent to the ARK team. The massive increase in efficiency of crowdsourced pen-testing will allow ARK to reach maximum security in far less time than if we rely on an internal team. Ultimately, it is our highest priority to provide the most secure platform possible to the users of ARK.”
The post further stated that trusted white hat hackers or ethical hackers from all over the world would try to “breach the ARK hull and attempt to expose vulnerabilities.” With the partnership, ARK will be able to use Bugcrowd’s pool of expert researchers.
In the past, Bugcrowd has worked with several eminent names from within the blockchain industry and outside it. Some of these names include Netflix, Dash, Tesla, Netgear, Pinterest, Motorola, Binance, Western Union, and a host of others.
A Constructive Approach
Using Bugcrowd’s Vulnerability Rating Taxonomy (VRT), ARK will be testing out its in-house vulnerabilities. As part of the partnership, a Bugcrowd security researcher will discover a weakness and submit it to Bugcrowd.
The vulnerability will then be sent to ARK, which will fix it in under 24 hours. The blockchain ecosystem will also have access to researchers, and every interaction will be transparent and accessible to the security company. Explaining why ARK opted for a crowdsourced security system, Walker said:
“There is a disconnect between the motivations of network attackers, and those of developers and security defenders. Crowdsourced security eliminates this imbalance by harnessing white hat security researchers to find and eliminate vulnerabilities, providing rapid and focused results.”
It further stated that the most vulnerable areas include Web, API interfaces on server/cloud, IoT platforms and cell phones.
Should other blockchain ecosystems leverage such external security services? Let us know your views in the comments section.