{"id":24302,"date":"2024-07-04T12:00:16","date_gmt":"2024-07-04T09:00:16","guid":{"rendered":"https:\/\/coinengineer.io\/?p=24302"},"modified":"2024-07-04T10:11:47","modified_gmt":"2024-07-04T07:11:47","slug":"bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy","status":"publish","type":"post","link":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/","title":{"rendered":"Bitcoin Core Developers Introduce New &#8220;Critical Bug&#8221; Disclosure Policy"},"content":{"rendered":"<p>A group of Bitcoin Core developers has launched a \u201ccritical bug\u201d disclosure policy aimed at more effectively communicating Bitcoin security vulnerabilities.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_71 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#Addressing_Past_Issues_and_Enhancing_Transparency\" title=\"Addressing Past Issues and Enhancing Transparency\">Addressing Past Issues and Enhancing Transparency<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#Categorizing_Vulnerabilities_and_Disclosure_Timeline\" title=\"Categorizing Vulnerabilities and Disclosure Timeline\">Categorizing Vulnerabilities and Disclosure Timeline<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Addressing_Past_Issues_and_Enhancing_Transparency\"><\/span>Addressing Past Issues and Enhancing Transparency<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u201cT<em>he project has historically done a poor job at publicly disclosing security-critical bugs, whether externally reported or found by contributors<\/em>\u201d <strong>Bitcoin Core developer Antoine Poinsot<\/strong> and five others wrote to members of the Bitcoin Development Mailing List on July 3. This has led to a situation where Bitcoin users are led to believe that Bitcoin Core is free of bugs, but <strong>Poinsot<\/strong> stressed that this simply isn\u2019t the case. <em>\u201cThis perception is dangerous and, unfortunately, not accurate.\u201d<\/em><\/p>\n<p><a href=\"https:\/\/coinengineer.net\/blog\/pre-etf-ether-options-trend-mirrors-btc-except-for-one-key-difference\/\"><em><span style=\"font-weight: 400;\">This Might Interest You: Pre-ETF Ether Options Trend Mirrors BTC Except for One Key Difference<br \/>\n<\/span><\/em><\/a><\/p>\n<p><strong>Bitcoin Core<\/strong> is the software that Bitcoin node operators download to access the Bitcoin blockchain, validate transactions, and build blocks. It plays a crucial role in securing more than $1.1 trillion locked in the Bitcoin network. <strong>Poinsot<\/strong> said the new policy would allow better communication about the risk of running outdated versions of Bitcoin Core and would provide a standardized disclosure process that would give researchers more incentive to find and responsibly disclose vulnerabilities. <em>\u201cMaking the security bugs available to the wider group of contributors can help prevent future ones.\u201d<\/em><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Categorizing_Vulnerabilities_and_Disclosure_Timeline\"><\/span>Categorizing Vulnerabilities and Disclosure Timeline<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The new disclosure policy will categorize vulnerabilities based on four levels of severity. The categories include:<\/p>\n<ol>\n<li><strong>Low:<\/strong> Bugs that are hard to exploit and have low impact, such as a wallet bug that requires access to the victim\u2019s machine.<\/li>\n<li><strong>Medium:<\/strong> Bugs with limited impact, such as local network remote crashes.<\/li>\n<li><strong>High:<\/strong> Bugs that could have significant impact.<\/li>\n<li><strong>Critical:<\/strong> Bugs that threaten the entire network\u2019s integrity, such as manipulating Bitcoin Core to inflate Bitcoin\u2019s hard-capped supply or committing a \u201ccoin theft.\u201d<\/li>\n<\/ol>\n<p>Low, medium, and high bugs will aim to be disclosed two weeks after a fixed version is released, while disclosures for critical bugs will be determined on a case-by-case basis. The policy will be \u201cgradually adopted\u201d in the coming months, Poinsot added.<\/p>\n<p><strong>Poinsot<\/strong> noted that all vulnerabilities fixed in Bitcoin Core versions 0.21.0 and earlier have been disclosed as of July 3, and disclosures for versions 0.22.0 and 0.23.0 will come out later this month and in August. <strong>Bitcoin Core<\/strong> version 27.1 is the latest version adopted.<\/p>\n<p>The new policy received praise from fellow <strong>Bitcoin Core developer Eric Voskuil<\/strong>: <em>\u201cMany other projects have been on the receiving end of this misperception, and it has in fact caused material harm to the community. I don&#8217;t know what precipitated this change, but props to you all for stepping up.\u201d<\/em><\/p>\n<p><em><a href=\"https:\/\/t.me\/coinengineernews\"><span style=\"font-weight: 400;\">Click here to get the latest news from Coin Engineer!<\/span><\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A group of Bitcoin Core developers has launched a \u201ccritical bug\u201d disclosure policy aimed at more effectively communicating Bitcoin security vulnerabilities. Addressing Past Issues and Enhancing Transparency \u201cThe project has historically done a poor job at publicly disclosing security-critical bugs, whether externally reported or found by contributors\u201d Bitcoin Core developer Antoine Poinsot and five others<\/p>\n","protected":false},"author":6,"featured_media":24303,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,1,2],"tags":[7164,7165,7167,7166],"class_list":["post-24302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-news","category-genel","category-news","tag-bitcoin-core","tag-bitcoin-development","tag-bitcoin-security","tag-critical-bug"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Bitcoin Core Developers Introduce New &quot;Critical Bug&quot; Disclosure Policy - Coin Engineer<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bitcoin Core Developers Introduce New &quot;Critical Bug&quot; Disclosure Policy - Coin Engineer\" \/>\n<meta property=\"og:description\" content=\"A group of Bitcoin Core developers has launched a \u201ccritical bug\u201d disclosure policy aimed at more effectively communicating Bitcoin security vulnerabilities. Addressing Past Issues and Enhancing Transparency \u201cThe project has historically done a poor job at publicly disclosing security-critical bugs, whether externally reported or found by contributors\u201d Bitcoin Core developer Antoine Poinsot and five others\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"Coin Engineer\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-04T09:00:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-04T07:11:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"696\" \/>\n\t<meta property=\"og:image:height\" content=\"449\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/\",\"url\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/\",\"name\":\"Bitcoin Core Developers Introduce New \\\"Critical Bug\\\" Disclosure Policy - Coin Engineer\",\"isPartOf\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp\",\"datePublished\":\"2024-07-04T09:00:16+00:00\",\"dateModified\":\"2024-07-04T07:11:47+00:00\",\"author\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\"},\"breadcrumb\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#primaryimage\",\"url\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp\",\"contentUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp\",\"width\":696,\"height\":449,\"caption\":\"bitcoin core\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coinengineer.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Bitcoin Core Developers Introduce New &#8220;Critical Bug&#8221; Disclosure Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\",\"url\":\"https:\/\/coinengineer.net\/blog\/\",\"name\":\"Coin Engineer\",\"description\":\"Btc, Coins, Pre-Sale, DeFi, NFT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coinengineer.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\",\"name\":\"Tanju Akb\u0131y\u0131k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"caption\":\"Tanju Akb\u0131y\u0131k\"},\"url\":\"https:\/\/coinengineer.net\/blog\/author\/cetanju\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bitcoin Core Developers Introduce New \"Critical Bug\" Disclosure Policy - Coin Engineer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/","og_locale":"en_US","og_type":"article","og_title":"Bitcoin Core Developers Introduce New \"Critical Bug\" Disclosure Policy - Coin Engineer","og_description":"A group of Bitcoin Core developers has launched a \u201ccritical bug\u201d disclosure policy aimed at more effectively communicating Bitcoin security vulnerabilities. Addressing Past Issues and Enhancing Transparency \u201cThe project has historically done a poor job at publicly disclosing security-critical bugs, whether externally reported or found by contributors\u201d Bitcoin Core developer Antoine Poinsot and five others","og_url":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/","og_site_name":"Coin Engineer","article_published_time":"2024-07-04T09:00:16+00:00","article_modified_time":"2024-07-04T07:11:47+00:00","og_image":[{"width":696,"height":449,"url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp","type":"image\/webp"}],"author":"Tanju Akb\u0131y\u0131k","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tanju Akb\u0131y\u0131k","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/","url":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/","name":"Bitcoin Core Developers Introduce New \"Critical Bug\" Disclosure Policy - Coin Engineer","isPartOf":{"@id":"https:\/\/coinengineer.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#primaryimage"},"image":{"@id":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#primaryimage"},"thumbnailUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp","datePublished":"2024-07-04T09:00:16+00:00","dateModified":"2024-07-04T07:11:47+00:00","author":{"@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546"},"breadcrumb":{"@id":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#primaryimage","url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp","contentUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/bitcoin-core.webp","width":696,"height":449,"caption":"bitcoin core"},{"@type":"BreadcrumbList","@id":"https:\/\/coinengineer.net\/blog\/bitcoin-core-developers-introduce-new-critical-bug-disclosure-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coinengineer.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Bitcoin Core Developers Introduce New &#8220;Critical Bug&#8221; Disclosure Policy"}]},{"@type":"WebSite","@id":"https:\/\/coinengineer.net\/blog\/#website","url":"https:\/\/coinengineer.net\/blog\/","name":"Coin Engineer","description":"Btc, Coins, Pre-Sale, DeFi, NFT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coinengineer.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546","name":"Tanju Akb\u0131y\u0131k","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","caption":"Tanju Akb\u0131y\u0131k"},"url":"https:\/\/coinengineer.net\/blog\/author\/cetanju\/"}]}},"_links":{"self":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/24302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/comments?post=24302"}],"version-history":[{"count":2,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/24302\/revisions"}],"predecessor-version":[{"id":24333,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/24302\/revisions\/24333"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media\/24303"}],"wp:attachment":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media?parent=24302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/categories?post=24302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/tags?post=24302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}