decredcommunity / issues

Decred community issue tracker

Security Audits #55

Open xaur opened 5 years ago

xaur commented 5 years ago

Let third party company (or multiple companies) audit the core pieces of software: dcrd, dcrwallet, dcrstakepool and maybe Decrediton and mobile wallets.

This can evolve into a 2-stage RFP-like Politeia vote, first vote to determine if stakeholders want to fund such audit(s) and second vote to choose a company.

Requirement for the audit: all results and expert comments must be recorded and shared publicly (after sensitive issues are fixed), and must be integrated into coding standards so that the found issues are not reintroduced in future versions of the ever-evolving software.

Alternatively (or additionally), if there are security researchers who audit projects for fun, fame and optional rewards, that's cool too.

degeri commented 5 years ago

Guess I am already doing this, albeit in a more informal way. We could also bring on board quality/consistent security researchers who take part in the bug bounty program and show a real interest in the project.

All this, on top of having a company do a proper audit, will help a lot with security.

xaur commented 5 years ago

Good point, the bug bounty program will help to attract security people that add to our collective knowledge of which firms to hire (if any).