Hyperledger Bug Bounty Increases Healthcare Blockchain Security

April 20, 2018 - Hyperledger announced the release of Hyperledger Bug Bounty as a part of its expanding blockchain security process. Several organizations use Hyperledger as a framework for their healthcare blockchain solutions and improving security could aid in the growing adoption of the technology.

The security feature contains a public bug tracker, continuous integration builds, core infrastructure initiative compliance, and a full responsible disclosure security bug policy and process.

Currently, Hyperledger Bug Bounty is only available for Hyperledger Fabric but there are plans to add Hyperledger Sawtooth soon. The tool is being administered by HackerOne, which has been running a private bug bounty for the past six months.

Healthcare organizations are currently using the Hyperledger Fabric framework, including Change Healthcare.

Change Healthcare launched its healthcare blockchain solution back in January to be used for claims management. Change Healthcare’s blockchain solution aims to increase trust by enabling greater auditability and traceability of financial transactions.

“At Hyperledger we have a broad base of committed developers and it is their professionalism that makes our security process solid and straightforward,” Hyperledger Security Maven Dave Huseby stated on the organization’s official blog. “When I first started, we already had in place our public bug tracking system and most teams had set up continuous integration build systems for monitoring build health. In the last year we formalized the process by which projects can move from development status to their first 1.0 release, including a number of security requirements.”

The security requirements include meeting the requirements of the Core Infrastructure Initiative (CII), nominating one to three members of a project’s community to participate on the Hyperledger security team, and undergoing a security audit from an outside auditor to establish a baseline for the codebase.

“Security is always an ongoing process of improvement. Thanks to the commitment and professionalism and general good cheer of the Hyperledger community, we have made great strides in the last year,” said Huseby. “Now with our public bug bounty, we hope to further make good on the open source promise and to deserve the trust our users have in us.”

Open source development is a large part of the Hyperledger project. Open source is the key to fast technology innovation and can help healthcare organizations overcome some of their major technological challenges quickly.

The more developers that are working on the same challenges such as interoperability and security, the faster these challenges can be resolved and eventually standardized.

Hyperledger has a healthcare working group that was established last year to guide organizations on blockchain and where it’s headed in the healthcare industry.

The healthcare working group is mainly a discussion forum to share ideas so the blockchain technology developed for healthcare has as many people and organizations developing and improving it as possible. Blockchain cannot be adopted in healthcare if organizations are not communicating, working together, and preparing for it.

Healthcare organizations need to open up their lines of communication and work together to benefit from blockchain, according to Hyperledger Executive Director Brian Behlendorf.

“For us to really get some value out of changing our data sharing networks to use blockchain, it has to start with a collective set of needs, with a set of organizations saying, ‘We have a common need. Let’s invest jointly,’” Behlendorf told HITInfrastructure.com in a previous interview. “Each of us needs to put a little skin in the game and be willing to move outside of our comfort zone to do a real solid proof of concept, a real solid pilot and to move to production and confidently understand the technology. That takes time and conversation.”

As organizations continue to work together to develop blockchain technology, new tools and features will be released to improve functionality and security.