Smart contracts auditing companies like @trailofbits @ConsenSys Diligence or @OpenZeppelin should provide insurance services for smart contracts they are confident in.
Companies and users could pay x% per year to cover potential fund losses held or managed by some contracts.
-
Let's assume it is covered yes, though it seems to me like if it's not covered then they are back to wearing the security auditor hat and putting their reputation at risk for not resolving it.
Security vendors don’t resolve bugs, we advise on risk. It’s the owners perogative to take risks. If a bug is found after they deploy, that’s on the owner, not on me. I would hope our advice helped address that near inevitably, too, so handling it was quick with little impact.
-
-
Your doctor can’t control your legs and make you run. It’s not their fault if you don’t listen to every academic study they know could help you. This fantasy that a security vendor is somehow responsible for a client getting hacked is completely wrong.
-
I've never implied that security auditors are responsible for bugs in the code they audit, but it seems clear to me that an auditor that continually fails to report and disclose vulnerabilities that later get exploited will have a hard time finding new clients.
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.