Meet the Man Who Created a Bug Bounty Program for Dash

You may not be familiar with Jim Bursch, but you certainly know about Dash, one of the top ten cryptocurrencies (and fighting tooth and nail to remain one). With a strong community supporting it and solid plans to improve its usability and security, Dash has a bug bounty program, and Bursch is the man behind it.

Q. Can you tell us a little about your background?

A. In the ’90s, I was a journalist, having published a small community magazine and worked at newspapers as a copy editor and online news editor. In 2000, I jumped to a dot-com as a content producer and went on to become a systems analyst picking up the pieces after the dot-com bust. At that time, I conceived the idea that has now become (formerly Dash Messaging).

In 2013, I learned about Bitcoin and decided to use it in MemoTrader as the payment system. I did this primarily because of the privacy concerns and costs of working with credit card payment systems. In early 2017, as Bitcoin transaction costs and confirmation times skyrocketed, I decided that it no longer satisfied my needs for a payment system, so I started looking at other cryptocurrencies. I settled on Dash because its mission is to be exactly what I need – the digital equivalent of cash.

Q. You saw the value of monetizing people’s time and attention before hearing about blockchain tech, so how are you working with cryptocurrency to do that now? How has that evolved?

A. Enabling people to monetize their time and attention necessarily requires a lot of private information. Current systems that exploit people’s time and attention have no respect for privacy and are utterly abusive in their business model (ad-supported media). This is also true for current (credit card) payment systems. By using cryptocurrency, we can separate transaction data from private data.

Q. How did you end up working on Dash?

A. After settling on Dash for MemoTrader, I found myself getting involved in the community that supports the development of Dash. One feature of Dash is its governing and self-funding mechanism, which is unique and innovative. Unlike Bitcoin, which gives 100% of the mining reward (new Bitcoins) to miners, Dash splits the mining reward three ways: 45% to miners, 45% to masternodes, 10% to a budget system. That 10% is allocated every month to projects that are devoted to the development of Dash and the Dash ecosystem. At today’s price, that amounts to about $2.5 million per month.

In the summer of 2017, I came up with the idea of establishing a bug bounty program for Dash. Bounty programs are an effective way of engaging the hacker community in a constructive manner that helps to strengthen the safety and security of software. I wrote a proposal to establish a bug bounty program using Bugcrowd, which is a company that has developed a platform for managing bounty programs and relationships with thousands of security researchers (hackers). My proposal was approved, and I received funding to set up the program for one year. In April of this year, I received approval and funding to continue the program for another year, to August of 2019.

Q. Why is Dash so resistant to hacking? Can you tell us about the Bugcrowd Bug Bounty program? What is it?

Dash is resistant to hacking because it is founded on a sound codebase (originally a fork of the Bitcoin codebase) and it has attracted the interest and effort of very skilled and talented developers. This probably has a lot to do with the character and values of Dash’s creator, Evan Duffield.

Fundamentally, from the very beginning, the mission of Dash has not changed. It seeks to be the digital equivalent of cash, which means that transactions are instant, private, very low-cost, and easy. Of those four qualities, Dash has achieved three and is working on the fourth (ease of use). At its core, the Dash community supports this effort and is less interested in the speculative value of the cryptocurrency. If anything, cryptocurrency speculation is a distraction from the mission.

Q. How are people rewarded for their work? How much does it pay?

A. The Dash Bug Bounty Program pays up to $10,000 for a critical vulnerability. If we receive the report through the Bugcrowd platform, the bounty is paid in U.S. dollars through the platform. We may also receive reports outside of the platform via email or one of the Dash community channels. In those cases, we will pay bounties in Dash. Vulnerabilities have to be reported responsibly (discretely) and evaluated before a bounty is paid.

Q. Is this the only program out there? Do you have plans to work with any other cryptocurrency?

A. The Dash Bug Bounty Program is not the only bounty program in the cryptocurrency space. It is, however, the only bug bounty program that is funded in the manner that it is funded. Essentially, Dash was created for the purpose of the bounty program. It does not cost anyone anything, which means that funds are not being diverted from another purpose for this purpose. Other bounty programs are usually funded from development funds, which means that money spent on bounties is money that is not spent on development. Thanks to Dash’s unique budgeting system, this is not the case for Dash.

Q. What are the next steps for you?

A. Currently, most of my time is devoted to getting MemoTrader out into the world. The platform is fully functioning, but it needs users and it can’t attract users until it has a critical mass of users. This is a very challenging chicken-and-egg problem that I am constantly working on.

Q. Is there anything else you would like to add?

A. Making Dash easy to use is a huge development task that is currently on track and will be rolling out in the coming year. The technology that is involved is breathtaking in its breadth and ambition.

However, unlike other cryptocurrency initiatives, this development is not accompanied by vacuous hype. This is what makes DASH interesting and impervious to the daily swings of its market capitalization.