In a November 30, 2022, post, Coinbase clarified its bug bounty program policies in light of the recent Uber data breach verdict, as reported by Cointelegraph.
“The key word in all of this is ‘responsible’. In the wake of the recent Uber verdict, there is a lot of concern in the industry about bug bounty submissions becoming extortion attempts. At Coinbase, […] we’ve put a lot of thought into how we operate our bug bounty program to stay on the right side of the law,” Coinbase stated.
According to Cointelegraph, the verdict was issued on October 5, 2022. Joe Sullivan, Uber's former security chief, was found guilty of colluding with attackers to hide evidence of a data breach. Sullivan is believed to have claimed that the attackers had submitted the breach as a bug bounty report, for which they received a bug bounty reward payment from the company. Reportedly, Coinbase highlighted its encounter with certain bug bounty participants who claim to have committed criminal actions to prevent the company from being able to legally make a payout.
“Most important of all — a bug bounty submission can never contain threats or any attempts at extortion. We are always open to paying bounties for legitimate findings. Ransom demands are an entirely different matter,” Coinbase mentioned.
(With insights from Cointelegraph)