[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE's for "smart" contracts, legal execution engines

On Mon, 20 Jun 2016, Kurt Seifried wrote:

: So the main issues that need to be dealt with:
: 1) Where do we draw the line on software/service for blockchain
: technologies?

Historically, the line has been drawn around the end-user software. So 
vulnerability in the actual downloaded client qualifies for inclusion. 
vulnerability in the 'math' behind the implementation is typically seen 
a hybrid issue, or considered more a service offering. Issues in the 
algorithm or implementation that can be abused via the client software 
would fall under consumer software I believe, and warrant inclusion.

Page Last Updated or Reviewed: June 27, 2016