bug bounties or processes
I think this is more cultural than needing to be specifically outlined in OSS. The majority of eyes on decentralized/oss are the users of it.
Is this person equally concerned with the supply chain as well? Libs, operating systems, and so on?
a red team sponsored for the lightning network
Based on all the Lightning FUD that comes from grantees, competing initiatives to Lightning are that by default.
There are disincentives at work in a sponsored red team model... at least a bounty or successful attack is based on results.
Implementations are also not the network, who's to say whom Lightning Labs or Blockstream hire for review in private?
more projects like lnsploit being sponsored
Maybe because no one uses this one in the first place?
concept of a red team was new to me
Probably because it's antiquated; it was more of a closed-source commercial thing. Who needs it more? Microsoft or Debian?
real attackers are already incentivized
That, and not just from the honeypot aspect: FUD, as mentioned above, is incentivized by competition... and it's already a David v. Goliath battle.
best preparation for a war is being attacked by your enemy
The only alternative is fighting the last war
We want well financed good guys attacking bitcoin, right? Is that a bad idea for some reason, or is it just not necessary?
Seems like the wrong question unless we assume resources are infinite? Assuming not, should it be a higher priority? Empirically there seems to be little to no justification for it.