There are never enough eyes out there looking for threats against internet users.
Take the recently disclosed Spectre and Meltdown processor vulnerabilities, which showed how threats can linger for years undetected. Yet as much attention as such giant engineering failures get, each of us is more likely to be hit by smaller threats, such as an email trick or an attachment loaded with malicious links.
But for Swarm Technologies, there is a lack of incentives for security experts to look as widely as they could.
Spinning out of the security firm Narf Industries, which recently completed a blockchain identity management project for the U.S. Department of Homeland Security, Swarm Technologies believes a crypto token could be a way to close gaps in software more quickly. As such, on Sunday night, the company announced that it will be running an initial coin offering (ICO) for the purpose of enlisting security researchers across the globe in creating a safer internet.
Proceeds raised during the $50 million token sale, which starts February 6, will initially go to building out a platform called PolySwarm, the hub where Swarm hopes security researchers will come together to work on what it calls "micro-engines," specialized software built to scan documents, files and websites that might hide vulnerabilities.
It's becoming a common application of blockchains, this use of a limited data set to galvanize distributed communities toward goals. According to Bassi, Augur, the ethereum prediction market, was of particular inspiration, but while Augur harnesses the wisdom of the crowd to predict outcomes, PolySwarm wants only to incentivize experts.
But to understand the company's mission, it's helpful to understand how threat detection works today, where enterprise companies run scans to check for threats when web users do anything from clicking on a URL to opening an email.
To do this more effectively, Swarm is looking to enlist enterprise IT teams and antivirus software companies that spot new files, new software, new documents that need to be scanned, to farm out those scans to a distributed network of researchers. Those researchers will build machines to do specific scans, and each time they do Swarm will reward the machines by sending them the token.
And in Bassi's mind, this use case will flip cryptocurrency's role as it relates to security, from paying the ransom on encryption attacks to one that makes developing solutions for more niche areas of the internet viable.
Bassi told CoinDesk:
"We're basically trying to re-invent threat intelligence."
Threat intelligence with added economics is another way to put it.
Swarm's token, or "nectar," will have a finite supply, 70 percent of which will be sold during the ICO. The company itself will keep 15 percent of the tokens, and the other 15 percent will be used to grow the network, including strategic allocations to potential security industry partners.
The company is capping the sale at $50 million, with a $5 million pre-sale. Down the road, Swarm envisions new business lines in assurance services, such as verification of security experts, analysis and insurance.
With nectar being an ERC-20 token riding on the ethereum blockchain, Bassi said smart contracts are at the core of what will make the offering succeed. The nectar tokens will be used to make all the payments on the platform, but those payments don't just flow from Swarm to the researchers. The system also requires each micro-engine to stake an amount of nectar tokens on its assessment of the digital product it's scanning.
"The tokens they have to put into their assertion also indicates their confidence in that assertion," Bassi told CoinDesk.
Every micro-engine (and in turn the researcher who built it) that makes the correct assessment gets a share of the fee paid for the scan, plus a share of any nectar that was staked by micro-engines that assessed the digital product incorrectly.
And according to Bassi, this mechanism of shared rewards incentivizes researchers to find niche areas to scan, where many other researchers might not be looking.
This is particularly novel in that today's anti-virus company structures incentivize chasing threats against the most widely used software, in an effort to attract the largest possible client base.
He told CoinDesk:
"It provides more incentives to cover the minority populations that are getting hit hard with this stuff."
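The settlement rule described above can be worked through in a few lines. This is an added example, not PolySwarm's contract code: the article does not say how shares are divided, so the pro rata split by stake, the handling of a scan where no engine is correct, and all engine names and amounts are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    engine: str       # micro-engine name (constructed)
    malicious: bool   # verdict the engine asserts for the scanned artifact
    stake: int        # nectar staked on that verdict, in smallest token units

def settle(fee, assertions, ground_truth):
    """Settle one scan. Returns (net nectar change per engine, unclaimed pot)."""
    if fee < 0 or any(a.stake <= 0 for a in assertions):
        raise ValueError("fee must be >= 0 and every stake must be positive")
    winners = [a for a in assertions if a.malicious == ground_truth]
    losers = [a for a in assertions if a.malicious != ground_truth]
    net = {a.engine: -a.stake for a in losers}   # wrong verdict forfeits its stake
    pot = fee + sum(a.stake for a in losers)     # scan fee plus forfeited stakes
    if not winners:
        return net, pot   # assumption: nothing is paid out when no engine was right
    total = sum(a.stake for a in winners)
    for a in winners:
        net[a.engine] = pot * a.stake // total   # assumption: pro rata by stake
    # Integer division can leave a remainder; give it to the largest correct
    # stake so the pot is fully distributed and no units are lost.
    top = max(winners, key=lambda a: a.stake)
    net[top.engine] += pot - sum(net[a.engine] for a in winners)
    return net, 0

# Constructed scans: a crowded file type versus a niche one, same 100-unit fee.
CROWDED = [Assertion(f"av-{i}", True, 10) for i in range(10)]
NICHE = [Assertion("niche-parser", True, 10)]
MIXED = [Assertion("a", True, 30), Assertion("b", True, 10),
         Assertion("c", False, 20)]

if __name__ == "__main__":
    for name, scan in (("crowded", CROWDED), ("niche", NICHE), ("mixed", MIXED)):
        print(name, settle(100, scan, ground_truth=True))
```

With the same fee and the same stake, the lone correct engine on the niche scan earns ten times what each engine earns on the crowded one, which is the incentive the article attributes to the shared-reward design.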
And yet, Swarm isn't out to totally disrupt the incumbents in the space, such as Norton and McAfee. Instead, Bassi said, those companies could serve as what PolySwarm calls "ambassadors," actually managing the relationship with consumers while PolySwarm enables them to guard against more threat surface.
Yet, for some, adding a blockchain to this industry isn't going to solve the problems.
According to Jessy Irwin, a security consultant and an alum of AgileBits, the developer of one of the leading password managers, 1Password: "I don't see a clear or realistic incentive to adding a blockchain to this particular problem."
Irwin continued, arguing that threat intelligence is already distributed and collaborative.
"Malware hunters and researchers are very much widely distributed in many different kinds of organizations," she said. "The people working on these issues are highly collaborative with one another while they are working on specific projects and campaigns."
Yet, while Irwin is skeptical, other well-known security researchers seem to see value in the platform. Swarm's advisers on the project include Dan Guido, CEO of Trail of Bits, a security firm that's a member of the Enterprise Ethereum Alliance, and Mark Tonnesen, who's done executive stints at Cisco and McAfee.
According to Bassi, "A token is critical to that, because up until a few years ago, we didn't have a way to move rewards across borders in sub-cent amounts without involving the global banking infrastructure."
As Guido told CoinDesk, "They're security engineers who found a new way to solve an old problem with blockchain technology. If another tool fit the job, then that's what they would be using."
But Bassi's convinced that smart contracts are the right tool to get more eyes on threats:
"It encourages the use of a utility token for a service that's deeply needed."