Kraken
Security Labs
Kraken is the most secure digital asset exchange because we live and breathe security – in fact, we have multiple world-class teams dedicated to testing our products and services.
However secure we might be, though, we know our success is linked to the success of others within the cryptocurrency community.
That’s why we created Kraken Security Labs, an elite team of security researchers that aims to protect and grow the cryptocurrency ecosystem by:
Testing popular third-party products and services
Working with vendors to fix those issues
Informing the public about ways they can best protect themselves
A Commitment to Responsible Disclosure
When a security researcher finds a vulnerability, the best practice is to contact the vendor so the vendor can fix the issue.
While simple in theory, many issues can arise in practice:
What if the affected vendor doesn’t respond?
Maybe the vendor doesn’t want to acknowledge the issue or they do not have a bug bounty program.
How long should the vendor be given to fix the issue?
Some security issues are not easy to fix and vendors often want to prioritize new features instead of fixing problems.
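Should the researcher disclose the issue to the public, and if so, when?
Every white hat hacker worries that the issue they found is already known and being exploited by bad actors. Every moment the vendor has not released a fix is a moment the public is kept in the dark, without the knowledge to protect themselves. Public disclosure is the only leverage a researcher has to pressure a vendor into fixing the issue.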
Simply put, disclosing vulnerabilities responsibly means something different to everyone – it’s inherently difficult to balance the needs of vendors and users.
We strongly believe it’s essential for research teams like us to partner with vendors to fix issues in their products and disclose them to the public.
In pursuit of that goal, Kraken Security Labs has disclosed and worked with vendors to fix issues across a wide range of cryptocurrency products and services. The details of our vulnerability disclosure policy are published here.
Cryptocurrency Hardware Wallets
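We believe you shouldn't keep your funds on any exchange, including ours.
That's why we regularly purchase and test products that give clients the ability to store and self-custody their crypto assets.
We've published issues and advisories for the following products: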
Cryptocurrency Services
At Kraken, we encourage all our clients to test and verify any cryptocurrency service they might decide to trust with their funds or data.
We’ve published issues and advisories for the following services:
Our Disclosure Philosophy
Hearing conflicting reports about a Kraken Security Labs disclosure?
Know it’s common for vendors and researchers to disagree on the severity of an issue.
Put simply, researchers want their work to have maximum impact, while vendors typically want to downplay the extent of the issue.
Interpreting Severity
Security vulnerabilities are typically given a severity range from Low to Critical, but not all vulnerabilities disclosed by Kraken Security Labs or other researchers will be Critical.
Still, we believe it is crucial these faults be exposed.
Even a handful of low, medium and high severity vulnerabilities might be used by an attacker in a coordinated way to produce a large impact on the target device.
Compounding Benefits
Releasing these findings can power additional work.
It’s common for security researchers to build upon the work of others, to release issues that should be fixed but don’t allow full compromise and to release research that the vendor doesn’t immediately think is worth fixing.
Because of this, it would not be responsible for a security researcher to remain quiet because they did not find an issue of Critical severity.
We strive to put out disclosures that are as understandable and transparent as possible to the public, so that you can make informed choices as to the severity of the issue.
A Stronger Industry Together
It’s not just Kraken who believes the industry is stronger and more secure when research teams and vendors work together.
As you can see from the testimonials below, Kraken Security Labs is aligned with the values and needs of the cryptocurrency industry.
We are happy that Kraken Security Labs are investing their resources in improving the security of the whole Bitcoin ecosystem. We cherish this kind of responsible disclosure and cooperation.
CoolBitX extends our warmest thanks to the Kraken Security Labs team for scrutinizing the resilience of the CoolWallet S’s security processes in such great detail. Providing such a fresh and expert perspective on possible attack vectors and device vulnerabilities is invaluable to our team and the community we serve.
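We would also like to take a moment to thank Kraken for their excellent work. We greatly appreciate that they take a similar stance to our Ledger Donjon team: doing their part to strengthen the security of the entire cryptocurrency industry.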
Follow Us!
To follow our work and remain up-to-date on our announcements, bookmark our official blog or enter your email address to subscribe and receive notifications of new posts by email.