reply on: Where is Bitcoin and Lightning's Red Team? \ stacker news ~bitcoin

pull down to refresh

101 sats \ 0 replies \ @justin_shocknet 2 May \ on: Where is Bitcoin and Lightning's Red Team? bitcoin

bug bounties or processes

I think this is more cultural than needing to be specifically outlined in OSS. The majority of eyes on decentralized/oss are the users of it.

Is this person equally concerned with the supply chain as well? libs, operating sytems, and so on?

a red team sponsored for the lightning network

Based on all the Lightning FUD that comes from grantees, competing initiatives to Lightning are that by default.

There's disincentives at work in a sponsored red team model... at least a bounty or successful attack is based on results

Implementations are also not the network, who's to say whom Lightning Labs or Blockstream hire for review in private?

more projects like lnsploit being sponsored

Maybe because no one uses this one in the first place?

concept of a red team was new to me

Probably because it's antiquated, was more of a closed-source commercial thing. Who needs it more? Microsoft or Debian?

real attackers are already incentivized

That and not just from he honeypot aspect, FUD as mentioned above is incentivized by competition... and its already a david .v goliath battle.

best preparation for a war is being attacked by your enemy

The only alternative is fighting the last war

We want well financed good guys attacking bitcoin, right? Is that a bad idea for some reason, or is it just not necessary?

Seems like the wrong question unless we assume resources are infinite? Assuming not, should it be a higher priority? Empirically there seems to be little to no justification for it.