The developers of Bitcoin Core have launched a new method aimed at resolving “critical bugs”. By finding and fixing serious flaws in the Bitcoin software. This strategy tries to improve network security and dependability.
Antoine Poinsot, Bitcoin Core developer, stated that folks think the software of Bitcoin Core does not have any issues; he warns that this thought is not right and might be dangerous.
To inform people about the possible security issues, a team of Bitcoin Core developers has launched new policies.
On July 3rd, Antoine Poinsot, including five other people, delivered a message to the people of the Bitcoin Development Mailing List:
“The project has historically done a poor job at publicly disclosing security-critical bugs, whether externally reported or found by contributors.”
This results in thinking Bitcoin users that there is no issue with Bitcoin Core but that’s not true according to Poinsot.
“This perception is dangerous and, unfortunately, not accurate.”
We can define Bitcoin Core as a program that allows Bitcoin node operators to establish a connection to the blockchain, confirm transactions, and produce new blocks. It is very important because it assists the security of assets on the Bitcoin network veiled at over $1.1 trillion.
The new policy, says Poinsot, plans to enhance the way that risks associated with using older versions of Bitcoin Core are being delivered. Further, it gives a clear framework for researchers to report and share any issues they face, which motivates them to quickly look for vulnerabilities.
“Making the security bugs available to the wider group of contributors can help prevent future ones.”
New policies will categorize the vulnerabilities into four levels of severity. In first level known as “low”, has bugs that are difficult to find and do not damage much. For example, a wallet bug only damages the computer of a victim when the intruder has access to it.
“Medium” is the second level that comprises bugs having moderate effects, such as taking ownership of a machine linked to the same local network.
The final two categories include “high” severity problems, which can produce major issues, and “critical” severity bugs. These threaten the security of the entire network. For example, a critical bug might involve currency theft or the use of Bitcoin Core to create more Bitcoins than the set limit permits.
The software will show bugs of a low, medium, and high severity level around two weeks following the start of a new version. Each case will have its own unique set of circumstances that will determine when bugs will become disclosed.
Poinsot said that, in the following several months, the new policy would be applied.
He further stated that as of July 3rd, all vulnerabilities solved in Bitcoin Core versions 0.21.0 and earlier have been made available to the public. Later this month and in August, the disclosure for versions 0.222.0 and 0.23.0 will be available.
Version 27.1 of Bitcoin Core is the most recent version that is in use right now.
Eric Voskuil, a fellow Bitcoin Core developer, applauds the new policy:
“Many other projects have been on the receiving end of this misperception, and it has in fact caused material harm to the community. I don’t know what precipitated this change, but props to you all for stepping up.”
