Currently, we have a DAO treasury used for PIPs and PEPs. However, there is no system in place for how we can leverage these treasury funds to incentivize whitehat researchers to disclose security vulnerabilities.
Currently, the PNI offers a bug bounty program; however, I believe we can leverage the DAO to incentivize this program as well.
Some of the things I plan on researching:
Look into the CVSS model and define which of its scoring metrics apply to POKT and its security vulnerabilities. Perhaps we will end up with our own model. This information/model is not meant to define what severity level a security vulnerability has for PNI, but rather to provide guidance that can later be shaped into a formal bug bounty program.
Research the rewards of Web3 bug bounties by parsing and scraping https://immunefi.com, taking into consideration factors such as the payout amount, severity level, and the protocol's market cap size. The purpose is to present data-driven information about the current market for vulnerabilities in relation to protocols and severity, and to guide the DAO and future entities such as PNI in properly funding their programs.
If the data works in my favor, then I'll probably be asking for an additional grant based on said research. (I truly do not know what the data actually looks like yet.)