247 sats \ 1 reply \ @kepford 2 May \ on: Where is Bitcoin and Lightning's Red Team? bitcoin
Another way to think about this is that the 1 trillion dollar bug bounty will likely be a bad actor, not a good actor. An actual bug bounty would set some expectations for compensation and not just be game theory based theft from the network. Or why not have both. Bitcoiners have skin in the game. Our money is on the line literally. Seems only logical that all of us that use lightning should seek out incentives to harden the network.
Another way to think about this is that the 1 trillion dollar bug bounty will likely be a bad actor, not a good actor
This.
Also, if we solely rely on such bad actors, we will be blind to any kind of vulnerability until it was already exploited and thus too late. Security usually works in layers so relying on "we haven't seen anyone stealing bitcoin via a protocol vulnerability yet" sounds like waiting until all layers are breached before we fix something. It's usually a lot of small details that combined lead to catastrophic failure.1
We should already be alerted when some assumptions can be broken even if that doesn't immediately results in a severe vulnerability. But we won't notice if bad actors find vulns with low CVSS.
But it's true, everyone in bitcoin should be incentivized to put our due diligence in keeping bitcoin secure but I am not sure if that's as effective as it sounds.
Footnotes
reply