Bitcoin Foundation Hires Sergio Lerner As ‘On Demand’ Security Auditor

“There are possibly many other people who review the security of Bitcoin Core" explained Lerner, "and that’s perfectly fine. But it is not enough, since one cannot assure a certain piece of code has been reviewed. OpenSSL is a good example of that. That’s why it is essential that a[n] auditor is committed to do it systematically. But I’m not the only auditor as each core developer also reviews the changes made by the others. I see my job as a second line of defense.”

Lerner, who has been working in information security since 1994, has been reviewing the codebase of Bitcoin Core and has taken an active role in its development since 2012. He has reported numerous vulnerabilities preventing possible DoS attacks and thefts.

Lerner is to fill the role announced in November by Bitcoin Foundation’s Chief Scientist and former Bitcoin Lead Developer, Gavin Andresen. Andresen said the Foundation was looking to hire a full time person “dedicated to ongoing security review” and “dedicated to deep, thorough testing of the core code.”

Lerner’s main occupation is working for a crypto-currency security company which he co-founded, called Coinspect. Coinspect provides unique and custom security testing for crypto-currency and related applications. Currently Lerner is consulting for 2 seperate crypto-currencies – QixCoin and NimbleCoin – as well as an online poker startup, and a crypto-currency debit card startup.

Lerner was quick to explain a change to the original job role in a twitter post, “I must clarify that the job is not full-time, it’s on demand: it depends on the criticality and number of monthly commits.” Andresen echoed this in a reddit reply saying, “this isn’t a full-time 40-hour-per week position. I hope it grows into that, but that depends on the health of the Foundation’s finances and Sergio’s willingness to put aside his other projects.”

Andresen said Lerner was to be the fourth person supported by the Bitcoin Foundation, “working on the protocol as their primary occupation.” With the other three being Andresen himself, Corey Fields, and Wladimir van derLann.

Speaking to BNC Lerner confirmed he will be paid for his work for the Foundation, and that his efforts will be more regular and thorough because of it. “I have to schedule and reserve time in the month to review commits and report findings. Before being hired, I did this sporadically and much less formally, and with less time dedication during each audit, depending mostly on my free time.”

Though Lerner is not working full time, in the same blog post announcing the new position, Andresen expressed how important the work of full time programmers is, “According to GitHub, that translates to 48% of all commits since Day 1. Wladimir van der Laan (also supported by Bitcoin Foundation) and I respectively contributed 2,274 and 1,077. That is the difference full-time makes.” He continues by saying, “People are busy. They have lives, families, careers and hobbies outside of Bitcoin. It’s unrealistic to put expectations of a full-time employee onto a volunteer. As more and more people come to rely on this protocol and businesses build products and services powered by Bitcoin, it becomes increasingly more important to have a dedicated team doing the painstaking work it requires.”

Lerner is also active in South America’s bitcoin scene. Two days ago he gave a presentation at the 2014 Latin American Bitcoin Conference, Brazil’s first bitcoin conference, about Bitcoin Core development and his views on security.

Sophie is an artist whose secret passion is finance, economics, and technology. She loves keeping up with the ever expanding and evolving world of crypto-currency. When she isn’t painting, she can be found trying to understand the complex inner workings of markets. Another complex system she is fascinated by, are ecosystems. She often observes them on her daily hikes through nature.