DASH Hardens Cryptocurrency With Bugcrowd

Security at Dash

Dash is a leading e-commerce and payments-focused digital currency, and the fast-growing alternative to bitcoin. With over 1000% year-on-year growth in both value and trading volume since 2015, Dash has been consistently ranked in the top ten digital currencies by market capitalization and one of only a few offering safe, decentralized financial solutions to real world problems.

As cryptocurrencies become more mainstream, identifying and fixing security vulnerabilities is imperative. But demand for security professionals outweighs the supply. Working with Bugcrowd alleviates that pain point, harnessing the power of the Crowd to scale and secure its online payments. But that’s not the only value Dash derives from working with Bugcrowd.

Seizing the Opportunity

Meaningful amounts of cryptocurrency are an obvious target, attracting a powerful incentive for thieves on a global scale. Dash understands security is absolutely imperative to money markets but they were limited in time and resources. They needed external feedback on code to ensure the security of the cryptocurrency they held.

Bug bounty programs attract fresh eyes to review code, ensuring white-hat hackers identify security flaws that your security and development team can’t. Dash launched a private bug bounty program in August 2017 with Bugcrowd, which tapped into a curated, invite-only crowd to find the company’s platform vulnerabilities. Dash took the program public after two weeks, inviting registered security experts around the world to detect issues on behalf of Dash, strengthening Dash’s overall security.

Dash Relies on Bugcrowd for Program Management

Dash values Bugcrowd as a partner because of many reasons. The one that stands out especially, is the unique expertise and tool set that Bugcrowd makes available to Dash’s security team to focus on the company’s core business. Dash relies on Bugcrowd to incentivize thousands of security researchers to surface critical software vulnerabilities.

Regardless of size, organizations that attempt a self-managed program quickly find the process overwhelming and ineffective.

Defining scope, identifying program security owners, establishing a vulnerability management program, liaising with the security researcher community, and determining time-to-fix agreements within that program — all of these require time and resources both in the setup, and on an ongoing basis as the program evolves.

By choosing Bugcrowd to manage their bug bounty, Dash has taken the work out of running a bug bounty program, so all they see are valuable results. Bugcrowd blends its program management, security DNA and deep researcher relationships to ensure the success of their crowdsourced security program.

Bug Bounty Program Results

Dash Digital Cash deals with sophisticated and complex code, already well-tested and vetted by the internal team. This requires expertise in a very specific field of hacking, which several of Bugcrowd researchers have and continue to refine over time.

Because of this complexity, over the course of one year, Bugcrowd researchers have identified 11 valid unique bugs in Dash digital cash applications. Bugcrowd’s triage and validation team filtered through 66 vulnerabilities submissions that were either out of scope, invalid, unreproducible, not applicable, or otherwise, saving Dash numerous hours of work.

Working with Bugcrowd brings Dash several different benefits. On top of vulnerabilities identified, reported, triaged and remediated, there is the additional benefit around PR. With a public Bugcrowd bug bounty, Dash can showcase its commitment to security, giving Dash users confidence of knowing the application they are using is tested and safe.

Over the course of the Dash bug bounty program, the company has experienced ongoing success and has adopted the Bugcrowd platform as an essential — if not primary — part of its security strategy.

Dash strives for a safer, stronger network. The leadership team invests heavily in ensuring Dash meets the highest security and quality standard possible. Working with Bugcrowd and funding the best bug bounty program in cryptocurrency is an example of their commitment.