public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Responsible disclosure of bugs
@ 2017-09-10 22:03 Simon Liu
  2017-09-10 23:02 ` Matt Corallo
  0 siblings, 1 reply; 17+ messages in thread
From: Simon Liu @ 2017-09-10 22:03 UTC (permalink / raw)
  To: Bitcoin Dev

Hi,

Given today's presentation by Chris Jeffrey at the Breaking Bitcoin
conference, and the subsequent discussion around responsible disclosure
and industry practice, perhaps now would be a good time to discuss
"Bitcoin and CVEs" which has gone unanswered for 6 months.

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-March/013751.html

To quote:

"Are there are any vulnerabilities in Bitcoin which have been fixed but
not yet publicly disclosed?  Is the following list of Bitcoin CVEs
up-to-date?

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

There have been no new CVEs posted for almost three years, except for
CVE-2015-3641, but there appears to be no information publicly available
for that issue:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3641

It would be of great benefit to end users if the community of clients
and altcoins derived from Bitcoin Core could be patched for any known
vulnerabilities.

Does anyone keep track of security related bugs and patches, where the
defect severity is similar to those found on the CVE list above?  If
yes, can that list be shared with other developers?"

Best Regards,
Simon


^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2017-09-22 19:54 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-10 22:03 [bitcoin-dev] Responsible disclosure of bugs Simon Liu
2017-09-10 23:02 ` Matt Corallo
2017-09-10 23:28   ` CryptAxe
2017-09-11  2:15   ` Anthony Towns
2017-09-11 11:34     ` Alex Morcos
2017-09-11 17:43       ` Daniel Stadulis
2017-09-11 18:29         ` Gregory Maxwell
2017-09-12  4:47         ` Anthony Towns
2017-09-12  3:37       ` Anthony Towns
2017-09-12  4:49         ` Sergio Demian Lerner
2017-09-12 16:10           ` Simon Liu
2017-09-14  5:27             ` Anthony Towns
2017-09-22  2:00               ` Nathan Wilcox
2017-09-22 19:53                 ` Sergio Demian Lerner
2017-09-12 17:57           ` Gregory Maxwell
2017-09-12  5:18         ` Bryan Bishop
2017-09-12 17:41         ` Gregory Maxwell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox