2024-02-29 02:19:40

u32larry on Nostr: There is some interesting work being done in regards to creating trust minimizing ...

There is some interesting work being done with regard to creating trust-minimizing mechanisms via zk-proofs. Here's an excerpt from the firm Trail of Bits:

"Why ZK proofs of exploitability?

Software makers and vulnerability researchers have a contentious relationship when it comes to finding and reporting bugs. Disclosing too much information about a vulnerability could ruin the reward for a third-party researcher while premature disclosure of a vulnerability could permanently damage the reputation of a software company. Communication between these parties commonly breaks down, and the technology industry suffers because of it.

Furthermore, in many instances companies are unwilling to engage with security teams and shrug off potential hazards to user privacy. In these situations, vulnerability researchers are put in a difficult position: stay silent despite knowing users are at risk, or publicly disclose the vulnerability in an attempt to force the company into action. In the latter scenario, researchers may themselves put users in harm’s way by informing attackers of a potential path to exploitability.

ZK proofs of exploitability will radically shift how vulnerabilities are disclosed, allowing companies to precisely define bug bounty scope and researchers to unambiguously demonstrate they possess valid exploits, all without risking public disclosure."

source:
https://blog.trailofbits.com/2020/05/21/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/

https://www.darpa.mil/news-events/2021-04-22
Author Public Key
npub1d7hra747akvkya6n8qawuw9zyzkr2nzc3uf023jqmq6wh8maz8kq0y0880