This is a well-structured and thought-out proposal. I like the detailed threat models and clear budget definition. It appears to be a critical step towards enhancing the security and integrity of the Polkadot/Kusama ecosystems.
I'm happy to support proposals that significantly contribute to ecosystem resilience by ensuring the safe and secure operation of cross-chain functionalities.
AYE!
ChaosDAO would like to provide the following feedback from our community. We offer this feedback voluntarily in the spirit of OpenGov, in order to help teams improve their proposals so we can all build the network together.
Some members suggested a bigger fund allocation for a larger bug bounties program.
Other members questioned the need for whitehats to share such personal information.
ChaosDAO votes as a collective based on the results of our anonymous internal voting procedures. Our members are not required to provide any feedback about why they have voted in a particular direction. Similarly, to respect our members' right to anonymity, we will not be sharing the names of individuals who have chosen to voluntarily provide feedback.
Thanks a lot for your input and support. Regarding the anonymity request, someone reached out about it too before people started to vote, and we agreed to amend the proposal by adding the possibility of staying anonymous. See below in bold how it has been worded in the proposal:
“A Hall of Fame of the Bug reporter will be published and regularly updated based on new reports and associated criticality (if they wish to preserve their anonymity, their avatar can be used instead)”
I support the proposal and am fully aware of its importance, and the documentation is commendable in that it's detailed and well laid-out, yet I abstain due to lack of the background and identity (albeit online) of the proponent, and the list of possible curators.
Good luck, kukabi | Helikon
Thanks for all the information @VinceCorsica, I changed my vote to aye.
Best regards, kukabi | Helikon
Thanks a lot, kukabi, for the support. Regarding the curators, as for other bounties, a child bounty with the details about them will be submitted when/if this one passes. But let me do some level of spoiler: it will include people with bridge, ecosystem and security expertise, like people working for HydraDX, Centrifuge, Parity Security, Parity Bridge teams, Snowfork and Alzymologist.
About the Parity Security team, please find some examples of deliverables:
Regards Vince
So, who are the curators of this bounty and of Kusama bounty 353? What are their identities? Most proposals at this stage already have the identities of the people or entities that will be in charge of curating the proposal. The answer on Kusama's proposal just pointed at the full proposal with the section regarding curators.
We fully support this effort, but in the meantime we have abstained due to this important detail.
Hi, thanks a lot for your interest in and support of this referendum. In fact, as is done for other bounties, there will be a child bounty with the details about the curators, which will be submitted when/if this one passes. However, as I understand, it may help to understand the approach already. There will be people with bridge, ecosystem and security expertise like HydraDX, Centrifuge, Parity Security, Parity Bridge teams, Snowfork and Alzymologist. Regards, Vince
The bounty could probably be bigger, given it's an allocation it may not even all get spent....
Thanks for the support. In fact there are 2 bounties, one in Polkadot and one in Kusama, because it is a bridge between the 2, for a total budget of $500K. After having reviewed what is announced in the bug bounty area, what is really paid, including associated issues, and more globally based on the number of referenda, the approach taken is to ask for a bounty amount which permits launching this properly. Based on how buy-in from the whitehat/reporter community happens and the number of bugs reported, an ask for additional funds will be posted.
Who are you?
Doesn't Polkadot have security on board?
Shall I also describe academic terms about security and ask for funds from the treasury?
Good proposal, the security of bridges is paramount to ensure a healthy and secure ecosystem.
Keeping the Bridge secure is essential for the success of the whole ecosystem
The security of bridge infrastructure is a priority for the whole ecosystem to thrive, thus I say Aye!
This is a critical part of ensuring security of bridge infrastructure, as well as the best practices of such. It serves two purposes: 1) to assure users that security is taken seriously, and 2) to provide an economic incentive for third parties to reveal disclosures.