Secure Smart Contract Development
Jutta Steiner, the CEO and co-founder of Parity Technologies, discusses “The Evolution of Blockchain Security.” Steiner, who joined the Ethereum team in 2014 as chief of security, says the advent of that open ecosystem of interdependent “smart contracts,” or self-executing design programs, opened a whole new attack surface that requires successful organizations to prioritize a security-minded culture. Potential coding risks include memory safety, input validation, privilege escalation flaws, fundamental design flaws, side channel attacks and cryptographic vulnerabilities such as insecure key storage. Security is not just code, however — it’s also people, operational procedures, and life cycle management of applications. There is no single answer to any of these vulnerabilities, Steiner says. Instead, mitigation relies on a range of measures that are not perfect but can be used to create an overall system that is very difficult to penetrate. The key is to understand that crypto development is not like agile software development — once deployed, code is difficult to recall, and security must always be at the forefront. She closes by noting that crypto developers can learn from security approaches used in other industries, such as aerospace, medicine, and hardware.
Andreessen Horowitz’s Crypto Startup School brought together 45 participants from around the U.S. and overseas in a seven-week course to learn how to build crypto companies. Andreessen Horowitz is partnering with TechCrunch to release the online version of the course over the next few weeks.
Find more Crypto Startup School videos plus additional reading and info: https://bit.ly/2ThsHen