UPDATEWe continue to be surprised by the valuable responses from all corners of the community.
Since we presented and met many of you at the Bitcoin Conference in San Jose in May,
the feedback has gotten even better.
* Feature Requests
* UX / UI
* Ideas for the API
https://github.com/pikapay/pikapay-api* Other ideas
Last but not least, security.
As PikaPay improves, we will remain concentrated on security. Since our last public security
report, we received notice of three XSS risks which we have patched.
At his request we publicly acknowledge Sahil Sehgal, one of the two investigators
who received bitcoin rewards for reporting these vulnerabilities.
An additional report related to CVE-2009-3555 and BEAST is worth mentioning.
As always we investigated this issue very carefully, but it was not a viable attack
and did not officially qualify for a bounty. We still decided to make an exception
and pay out an unofficial reward in this case because we appreciated the time
and attention and the additional insights behind the scenes that the contributor
provided. We hope to hear more from him the future.
We view security as an ongoing effort, and appreciate the ongoing attention received from the security community.
PikaPay thanks everyone who contributed so far. We intend to keep this program running
and to disclose the results to make the community safer.
Whether you have or haven't found anything thus far, your work
is appreciated. We encourage you to keep looking and testing PikaPay.
PikaPay
The PikaPay bounty program is still running:
bit.ly/14J1YZzWe are aiming to make PikaPay one of the most secure Bitcoin services available because we believe security is one of the keys to our mission -- to bring the benefits of Bitcoin to everyone.
Security@pikapay.com is the address of PikaPay's security team.
