Bitcoin Forum
July 08, 2024, 05:25:50 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Blockchain software security report by China CERT, Ripple the worst  (Read 339 times)
hl5460 (OP)
Legendary
*
Offline Offline

Activity: 1620
Merit: 1000


news.8btc.com


View Profile WWW
January 13, 2017, 01:47:03 AM
 #1

In December 2016, China CERT released a 17-page security audit report of blockchain software. As per the report, the audit was conducted in October 2016 and released later as “open” document. The report examined 25 open-source blockchain projects, categorizing the vulnerabilities found into 9 classes. A total of 746 high-level attack vectors are detected. Ripple is rated the most insecure one with over 223 highly risky bugs.



http://news.8btc.com/blockchain-software-security-report-by-china-cert-ripple-the-worst

JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
January 13, 2017, 06:03:01 PM
 #2

My official response is here: https://ripple.com/dev-blog/response-china-cert-report/

TL;DR: It looks like they just ran a static analysis tool against a combination of security sensitive and irrelevant code, totaling the number of potential issues detected by automated, static analysis. This is almost completely meaningless because the vast majority of issues reported by such tools are false positives with no actual security implication. But it's doubly meaningless when you use it on code that already uses that exact same methodology because every issue that can be identified by this method has already been found and fixed.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!