2019-8-14
在构建 Libra 区块链的过程中,安全问题一直是重中之重。假设人们在 Libra 上每一天都不间断运行着金融活动,可想而知最关键的是其背后的基础架构必须可靠且安全。为了显示更透明,我们在发布之前就充分计划好我们的计划,而且开源了 Libra 区块链早期的一个版本,Libra Core,基于 Apache 2.0 许可。通过测试网,我们可以把社区的意见与建议收集起来,也通过此指明了项目的发展方向,使其尽可能地朝可伸缩性、可靠性和高安全性方向发展。
When we built the Libra Blockchain, security was top of mind. If people are going to rely on Libra for their everyday financial needs, it is critical that the infrastructure behind it be dependable and safe. This is one of the reasons we shared our plans well in advance of launch and open-sourced an early-stage version of the Libra Blockchain code, Libra Core, under an Apache 2.0 License. This testnet will help us gather feedback from the community about the direction of the project and work toward ensuring a scalable, reliable, and secure launch.
今天我们热烈宣布启动 Libra Bug 悬赏项目,向全世界的安全研究者开放。通过该项目不但可以收集反馈信息,而且更能加强 Libra 区块链的安全性。你可以通过此了解该项目的更多信息。
Another way to gather feedback and reinforce the security of the Libra Blockchain is through a bug bounty. Today we are excited to announce the launch of the Libra Bug Bounty program, which is open to security researchers around the world. You can find more information about the program here.
我们在6月18日宣布了针对 Libra 的计划后,便开始了我们的 Bug 赏金工作,并推出了一个 beta 的 Bug 赏金计划。为了优化,在广泛发布之前我们就邀请了 50 位具有区块链专业知识的安全研究人员,鼓励他们深入研究该平台。
We kicked off our bug bounty efforts as soon as we announced the plans for Libra, on June 18th, with a beta bug bounty program. We invited 50 security researchers with blockchain expertise and encouraged their deep scrutiny of the platform. This helped us fine-tune and tweak the program before opening it up more broadly.
时下程序已经公之于众,然后我们希望能够更快更广泛地收到反馈。为了鼓励社区的安全研究人员更深入发掘问题于是就提出了悬赏计划,帮助我们找出那些最细微的 Bug。我们想帮助我们的研究员把测试网中 Libra 区块链问题都找出来,可以放心的是这些测试的金额都不是实际发行的。发现最关键问题的参与者可获得高达 10,000 美元的奖励。
Now that the program is open to the public, we hope to further accelerate and expand this feedback loop. Our rewards program is designed to encourage members of the security community to dig deep, helping us find even the most subtle bugs. We want to help our researchers uncover issues while the Libra Blockchain is still in testnet and no real money is in circulation. Participants can receive up to $10,000 in rewards for discovering the most critical issues.
鼓励安全社区成员检测并报告安全漏洞然后换取潜在可能的奖励,这就是 Bug 赏金,它是的一种行之有效的方法。而且不仅仅适用于区块链。各行各业的许多公司都有自己的漏洞赏金计划,鼓励开发人员报告其各自技术的安全问题。
Bug bounties are a well-established way to encourage members of the security community to detect and report security vulnerabilities in exchange for potential rewards. And it’s not just for blockchains. Many companies across industries have bug bounty programs of their own to help encourage developers to report security issues with their respective technologies.
Libra Bug 悬赏项目的启动,意味着这是一个为全球安全与隐私研究者所提供的一个网络,我们很高兴发布了这个开放且充满活力的网络。 我们知道,一个全球性的加密货币就需要一个全球性社区网络,并且我们致力于花一些时间来实现这一目标。
With the launch of the Libra Bug Bounty, we are excited to build an open and vibrant network of security and privacy researchers around the globe. We know it will take a global community to launch a global cryptocurrency, and we are committed to taking the time to get this right.
有关 Libra Bug 悬赏项目的更多信息,请访问 https://hackerone.com/libra。
For more information about the Libra Bug Bounty program, visit https://hackerone.com/libra.
