A group of Bitcoin Core developers have launched a “critical bug” disclosure policy, which aims to more effectively communicate security issues in Bitcoin.

“The project has historically done a poor job of publicly disclosing security-critical bugs, whether they are reported externally or found by contributors,” Bitcoin Core developer Antoine Poinsot and five others wrote to members of the Bitcoin Development Mailing List on July 3.

This has led Bitcoin users to believe that Bitcoin Core is bug-free, but Poinsot stresses that this is simply not the case.

“This perception is dangerous and unfortunately incorrect.”

Bitcoin Core is the software that Bitcoin node operators download to access the Bitcoin blockchain, validate transactions, and build blocks. It plays a crucial role in securing the over $1.1 trillion locked in the Bitcoin network.

Poinsot said the new policy would allow for better communication about the risks of using outdated versions of Bitcoin Core and would provide a standardized disclosure process that would give researchers more incentive to find and responsibly disclose vulnerabilities.

“By making the security bugs available to a wider group of contributors, we can prevent future bugs.”

The new disclosure policy categorizes vulnerabilities based on four severity levels.

The first category, ‘low’, covers bugs that are difficult to exploit and have low impact, such as a wallet bug that requires access to the victim’s machine.

The second category, ‘medium’, includes bugs with limited impact, such as a remote crash from a local network.

The last two categories are ‘high’ severity bugs, which can have a significant impact, and ‘critical’ severity bugs, which threaten the integrity of the entire network.

An example of a critical bug would be one that lets an attacker manipulate Bitcoin Core to inflate Bitcoin’s fixed limit or commit ‘coin theft’.

Low, medium and high severity bugs are intended to be disclosed two weeks after the release of a fixed version. Critical bugs will be disclosed on a case-by-case basis.