Nocks is growing at a reasonable pace, which is wonderful. To make sure that we keep up with the latest security features, we added a Bug Bounty & Responsible Disclosure to our platform, all to keep our users as safe as possible. We partnered up with Zerocopter to have an ongoing security plan for the entire Nocks platform.
Zerocopter is a Dutch company filled with ethical hackers that love to break into organizations, to then repair and improve them. Their Researcher Program finds bugs and exploits on our platform, but isn’t exclusive to the Zerocopter researchers. If you find a bug or exploit, please refer to our Bug Bounty & Responsible Disclosure.
As our platform grows, we’ll most likely become a bigger target. The more money we process and funds we hold, the more interesting it will be to try and break in. Even though not a single Gulden deposit is kept online and all of the EUR deposits are kept in a separate foundation, we want to make sure that our platform is as safe as possible.
Data, data, data
Of course, funds aren’t the only interesting aspect of potentially breaching our platform. There’s tons of data that we want to protect and keep safe. But you can’t lose what you don’t store. Think of the passports and identity cards that are asked of our users during onboarding. We don’t keep copies of these documents. We keep the minimum required data of our users, so even if we get breached the damage will be very limited.
That doesn’t give us an excuse to keep the platform from being improved. A Responsible Disclosure isn’t just for the hackers; it’s also a responsibility for us and any other (financial) organization out there. We have a responsibility to keep our users safe and we’ll do everything we can to make that happen.
We don’t solely work with Zerocopter. Our bug bounty program is open to anyone that finds exploits or serious security breaches. Your report, however, will go through Zerocopter so we will have one spot to assess any issues.