
yao420 | 1 year ago

I’m not a crypto hater (I used to work security at Coinbase), but I think that while a Chrome or iPhone zero-day might be worth less in bug bounty, it’s worth more for a security engineer’s career long term.

Having the iPhone bug and the accompanying conference talk and blog post will allow you to get hired by nearly any good security or tech company. No one cares about blockchain bugs except other crypto companies. When I and a bunch of other Coinbase engineers were looking for jobs, we were looked down on for even working in crypto. And we weren’t even on the blockchain team! Just regular engineers.

I myself have dedicated a couple of months to testing Gnosis and Curve, which each have $2 million bounties, but turned up short. Last year I switched to ML-based fuzzing research, was able to speak at DEF CON, and got crazy offers after publication.


tptacek | 1 year ago

Serious Chrome and iPhone bug chains can be worth this much on the market, but the amount of engineering effort that goes into supporting that kind of pricing (across all the buyers, aggregated) is extreme. The subthread that unfolds from this comment is about fuzzing, but finding a vulnerability is a small part of actually selling it on the market.

Vendor bounties for these kinds of vulnerabilities are going to tend to be sharply lower than this crypto bounty, which was for a directly monetizable vulnerability. But there's a lot going into that vendor bounty price point.

zEddSH | 1 year ago

Can you share more about ML-based fuzzing? I do pretty basic fuzzing, and that's been pretty useful at work for testing, and I'm keen to learn about better, more modern approaches than mine!