Security News > 2022 > September > Responsible Disclosure for Cryptocurrency Security
Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software.
Why can't the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don't have an ongoing relationship with the hardware and software providers that protect their funds-nor do they have an incentive to update security on a regular basis.
Turning to a new security provider or using updated software creates risks; leaving everything the way it was feels safer.
So users won't be rushing to pay for and install new security patches.
That means that the company responsible for hardware or software security may have no way to identify who used its product, or to get the patch to those users.
Even in the software industry, hackers routinely reverse engineer Microsoft's patches to find the security flaws they fix and then try to exploit them before the patches have been fully installed.