RE: Keeping HIVE and it's Projects safe - My Sunday dedicated to more secure Frontends on HIVE.

Thank you for what you do !

I like the idea of a bug bounty system, but at the same time I've seen bug bounties massively abused. The biggest issue is people with no expertise using widely available automated tools to find supposed vulnerabilities. They then email micro-businesses like my own exaggerating the risks and ignoring the fact that other mitigations might be in place (e.g. manual checks), demanding large payouts and saying they'll publicise what they found if the payout isn't received within 24/48/72 hours.

So for Hive, I think we need a bug bounty system designed to reward genuine bug hunters like yourself without opening it up to outsiders who just want to may a quick buck.

That rules out HBD rewards paid from the DHF, and even HP rewards could be put into the power down process as soon as received. So perhaps some kind of delegation pools could be set up; that way, it's the use of the delegation in curation over a period of time which generates the rewards. I know that's not a perfect solution, but it's the only one I can think of so far that keeps capital in the system while rewarding internal bug hunters !