... is a code review and insurance service.
What you need :
- one (or more) well known and respected programmer(s)[i], either hired, partners, external consultants, whatever works[ii];
- working capital;
- some basic project management, accounting and finance skill.
What you offer. You'll start with two basic products :
- For open source code, you read the code, line by line, and verify that it is in fact safe to run. You then issue a PGP-signed certificate which pretty much says "I the X of Y have reviewed the below code and judged it safe in accordance with Z".
- For closed source code, you also read the code line by line and verify that it is in fact safe to run. You then compile it for whatever platforms the user wants and issue the binaries as PGP-signed documents, just as above.
- You offer a promise (in the form of a PGP-signed contract, obviously) to repay customers that lost BTC or other valuables through flaws in the codebase of the respective service. Like all insurance this will sport a maximum cap and possibly a minimum so you don't end up processing a lot of < 1 BTC claims. Unlike all insurance this will sport reasonable conditions - a good contract/promise will have to be drawn up for the purpose.
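An added example (not code from the original post): one way to bind the certificate from the first product to the exact bytes that were reviewed, so a customer can detect any file modified, removed or added afterwards. The function names, the "digest  path" manifest layout and the choice to clearsign the resulting text (for instance with `gpg --clearsign`) are assumptions.

```python
# Added illustration; function names and manifest layout are assumptions.
import hashlib
from pathlib import Path


def build_manifest(root):
    """Map each file's relative POSIX path to the SHA-256 of its bytes."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}


def certificate_text(reviewer, firm, standard, manifest):
    """Statement plus one 'digest  path' line per file; this is the text to clearsign."""
    head = (f"I the {reviewer} of {firm} have reviewed the below code "
            f"and judged it safe in accordance with {standard}.")
    body = [f"{digest}  {name}" for name, digest in sorted(manifest.items())]
    return "\n".join([head, ""] + body) + "\n"


def parse_certificate(text):
    """Recover the manifest from certificate text whose signature was already verified."""
    manifest = {}
    for line in text.splitlines()[2:]:
        if line:
            digest, name = line.split("  ", 1)
            manifest[name] = digest
    return manifest


def compare(certified, root):
    """Report how the tree at root differs from the tree that was reviewed."""
    actual = build_manifest(root)
    return {
        "modified": sorted(n for n in certified if n in actual and actual[n] != certified[n]),
        "missing": sorted(n for n in certified if n not in actual),
        "unreviewed": sorted(n for n in actual if n not in certified),
    }
```

The customer verifies the signature first, then runs `compare(parse_certificate(text), checkout)`; three empty lists mean the checkout is exactly the code the certificate covers.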
Obviously you'll be able to branch and diversify from there once established. Unit testing readily comes to mind (and it would be a great addition because it would allow you to test your junior partners, for instance). Full process insurance will probably be the end goal, likely started with hosting practices review and insurance (allowing mitigation of future bitomat.pl-type[iii] and linode-type[iv] disasters).
How you make money :
- Code review can easily run in the hundreds of BTC. The best way to go is probably fixed fee + per line fee or something.
- If the code is not open source, extra fees for compiling can be levied on a per platform basis.
- Insurance would obviously be a monthly payment (yearly is probably too much of a lump sum for most developers, weekly will quickly become a pain to track). Obviously you won't insure code you haven't reviewed.
Such a business would indubitably be very useful for BTC, because :
- It allows developers to distinguish themselves.
- It rewards good coding practices, and pushes towards standardisation and quality through rational means. In particular audited/insured libraries will finally make library use safe in a BTC environment.
- It allows downstream customers' trust to be built meaningfully rather than haphazardly, allows this trust to be quantified, and allows downstream customers to correctly account for their IT exposure.
MPEx currently takes in something between a few hundred and a few thousand BTC a month and the open market values it close to 600k BTC. This could also take in a few hundred to a few thousand BTC a month, if well run by credible people, which possibly means half a million worth of BTC equity you're working for.
And yes, I would be amenable to help. I would not consider running this project, but I will consider a finance or legal position on the board. Start-up capital via MPEx may also be available, very much depending on the strength of the team and the terms of the incorporation agreement.