Libra Association opens Bug Bounty program to everyone

The organization wants researchers to test the security of its Libra blockchain.

Facebook's Calibra digital wallet isn't expected to launch until 2020. But, as you might expect, the organization created to protect the Libra cryptocurrency that will be used with Calibra (and other Libra financial services) is already working to ensure it keeps people's data safe. We're talking about the Libra Association, the independent group in charge of governing Libra, which has announced it is now welcoming all researchers who want to help test the security of its blockchain technology -- in exchange for financial rewards, naturally. The Libra Bug Bounty program was announced at the time when the Libra Association became official in June, but now the nonprofit will be opening it to the public.

The Libra Association, backed by 28 companies including MasterCard, Visa, PayPal, eBay, Uber, Lyft, Farfetch and, of course, Facebook/Calibra, says it has built its Bug Bounty program as a "major effort to strengthen the security of our blockchain." And it wants developers worldwide to identify bugs and flaws in the Libra blockchain before it arrives next year, when there will be real money from presumably millions of people at stake. According to the Libra Association, security researchers should know that the Libra's blockchain technology is still in testnet, an early-stage version of its code, and that it won't be launching until regulatory concerns and approvals have been sorted out.


Facebook Calibra.

Michael Engle, Head of Developer Ecosystem at the Libra Association, said in a blog post that those who assist the organization in discovering "the most critical issues" can receive up to $10,000 in rewards per bug report. That said, the Libra Association told Engadget it could pay more more or less than that sum, based on the type of vulnerability that someone brings to their attention.

Engle added that the goal with the Libra Bounty program is to encourage members of the security community to scrutinize the blockchain -- which, to be clear, won't feature any actual money during this test -- and help the Libra Association find even the most subtle bugs. "With the launch of the Libra Bug Bounty, we are excited to build an open and vibrant network of security and privacy researchers around the globe," he said. "We know it will take a global community to launch a global cryptocurrency, and we are committed to taking the time to get this right."

Given that Facebook spearheaded the Libra Association, this bug bounty program shouldn't come as a surprise. Facebook has been crowdsourcing security efforts for years now, having awarded millions of dollars to tipsters to date. Just last week, in fact, the company announced the expansion of its Data Abuse bounty program to Instagram, which will reward researchers who report third-party services that may be exploiting user data on the popular app.