hl5460 (OP)
January 13, 2017, 02:55:53 AM
In December 2016, China CERT released a 17-page security audit report of blockchain software. As per the report, the audit was conducted in October 2016 and released later as an “open” document. The report examined 25 open-source blockchain projects, categorizing the vulnerabilities found into 9 classes. A total of 746 high-level attack vectors were detected. Ripple is rated the most insecure one with over 223 highly risky bugs. http://news.8btc.com/blockchain-software-security-report-by-china-cert-ripple-the-worst

dranster
January 13, 2017, 03:01:00 AM
Most inaccurate title..... Did you learn your English from a baby or u must be an illiterate.. BTS is the most secure blockchain

Hueristic
January 13, 2017, 03:08:14 AM
Quote from: dranster
> Most inaccurate title..... Did you learn your English from a baby or u must be an illiterate.. BTS is the most secure blockchain

Red Herring much? Thanks for that post OP!
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”

JoelKatz
January 13, 2017, 03:19:55 AM
We now have an official response to this report at https://ripple.com/dev-blog/response-china-cert-report/
"Again, Ripple recognizes the importance of security researchers, and we take any reports of security vulnerabilities very seriously. At this time, we do not feel confident in the accuracy of the CERT report and further, and based on the way in which the report was published, we question the legitimacy of the reporting body. We are confident in our processes and our codebase, and expressly state that this report identifies no actionable items and our review, in response to it, found none either."
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN

Hueristic
January 13, 2017, 03:26:20 AM
Quote from: JoelKatz
> We now have an official response to this report at https://ripple.com/dev-blog/response-china-cert-report/
> "Again, Ripple recognizes the importance of security researchers, and we take any reports of security vulnerabilities very seriously. At this time, we do not feel confident in the accuracy of the CERT report and further, and based on the way in which the report was published, we question the legitimacy of the reporting body. We are confident in our processes and our codebase, and expressly state that this report identifies no actionable items and our review, in response to it, found none either."

Looks like their response is the illiterate one of the two. Fixed that first one for them. And further, am not touching that last sentence.
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”

kelsey
January 13, 2017, 04:20:34 AM
Quote from: JoelKatz
> expressly state that this report identifies no actionable items

well i can think of at least one painfully obvious reason why

Quote from: JoelKatz
> and our review, in response to it, found none either."

which validates the rating

Spoetnik
January 13, 2017, 04:41:40 AM
All i would have to think about Ripple is if the system is controlled by a central closed source point.. then if that point is exploited then the whole entire thing falls apart like a house of cards. Then we could end up with another GOX or Cryptsy going on where they would end up lying for ages and cooking the books behind closed doors. I would say those are the last coins on earth i would touch. I have never owned a Ripple coin or Bitshares nor would i. All records of my activity on any site would prove this easily too. I don't support ICO scam scheme coins for profit. Guys, just imagine all those Big Banks the Ripple guys say are using Ripple.. What happens with them when they get hacked ?
FUD first & ask questions later™

hl5460 (OP)
January 13, 2017, 08:44:47 AM
Quote from: JoelKatz
> We now have an official response to this report at https://ripple.com/dev-blog/response-china-cert-report/
> "Again, Ripple recognizes the importance of security researchers, and we take any reports of security vulnerabilities very seriously. At this time, we do not feel confident in the accuracy of the CERT report and further, and based on the way in which the report was published, we question the legitimacy of the reporting body. We are confident in our processes and our codebase, and expressly state that this report identifies no actionable items and our review, in response to it, found none either."

That's really quick response.

jacafbiz
January 13, 2017, 09:03:28 AM
There are some things common to both Ripple and Bitshares
1. Both are Proof of Stake coin
2. Both have more than billion tokens
3. Both are centralised
I'm not surprised about the report at all. I think we need independent research like this to expose flaws like this to protect investors

Spoetnik
January 13, 2017, 01:16:50 PM
Quote from: jacafbiz
> There are some things common to both Ripple and Bitshares
> 1. Both are Proof of Stake coin
> 2. Both have more than billion tokens
> 3. Both are centralised
> I'm not surprised about the report at all. I think we need independent research like this to expose flaws like this to protect investors

How about crooked unfair rigged launches ? Does that interest you ? Funny how i never hear anyone bring up that shit.. Doesn't seem to matter if Zcash has a genius tax for example. The only REAL question is.. how much ROI'z can i get at Polo for them ?
FUD first & ask questions later™

JoelKatz
January 13, 2017, 06:08:14 PM
Quote from: kelsey
> > expressly state that this report identifies no actionable items
> well i can think of at least one painfully obvious reason why
> > and our review, in response to it, found none either."
> which validates the rating

Did you read my reply? Their methodology appears to be totaling the number of potential issues detected by automated, static analysis. This is almost completely meaningless because the vast majority of issues reported by such tools are false positives with no actual security implications. But it's doubly meaningless when you use it on code that already uses that exact same methodology because every issue that can be identified by this method has already been found and fixed. In fact, due to our use of this very same methodology, we've found and fixed bugs in third-party libraries we use such as RocksDB and Boost.
https://github.com/facebook/rocksdb/pull/333
https://github.com/boostorg/coroutine/pull/20
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN

dadingsda
January 13, 2017, 10:26:39 PM
Quote from: jacafbiz
> There are some things common to both Ripple and Bitshares
> 1. Both are Proof of Stake coin
> 2. Both have more than billion tokens
> 3. Both are centralised
> I'm not surprised about the report at all. I think we need independent research like this to expose flaws like this to protect investors

Why is BTS centralised?

Spoetnik
January 14, 2017, 01:16:44 AM
Quote from: dadingsda
> > There are some things common to both Ripple and Bitshares
> > 1. Both are Proof of Stake coin
> > 2. Both have more than billion tokens
> > 3. Both are centralised
> > I'm not surprised about the report at all. I think we need independent research like this to expose flaws like this to protect investors
> Why is BTS centralised?

Because it's another ICO scam.
FUD first & ask questions later™

buwaytress
January 14, 2017, 12:22:05 PM
Always healthy to have as much scrutiny from as many different sources, independent and otherwise.
Is Ripple the only one who finds the report and its methodology flawed and, therefore, unactionable? I find it unlikely that ALL these would result in false positives and it seems even Ripple concurs.

JoelKatz
January 14, 2017, 06:47:15 PM
Quote from: buwaytress
> Always healthy to have as much scrutiny from as many different sources, independent and otherwise.
> Is Ripple the only one who finds the report and its methodology flawed and, therefore, unactionable? I find it unlikely that ALL these would result in false positives and it seems even Ripple concurs.

For projects that don't use this form of analysis already, typically between 1 to 2 in 100 of these reports on security critical code reflect an actual issue. But without surveying a statistical sample of them in that particular code base, you're really just guessing. When we ran the first such report on rippled, we debated "fixing" every issue to get the number down to zero. The advantage would be that it would make it easier to scan future versions of the code as you wouldn't have a large number of false positives to wade through. We ultimately decided not to because in many cases it would require making the code harder to understand and maintain. I wonder, if we had done so, would this report have said we were the most secure or would they just have left us out? (And, to be clear, it would have also been absurd to say that a zero count from a tool like this makes us the most secure.)
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
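
The point made in the post above, that a raw count of static-analysis findings says little until a statistical sample of them has been triaged by hand, can be worked through in code. This is an added example, not part of the thread or of any project's code; the function names are hypothetical, and the sample size of 100, the seed and the confirmed counts are constructed.

```python
import math
import random


def triage_sample(finding_ids, sample_size, seed=2017):
    """Pick a reproducible simple random sample of findings for manual review."""
    ids = list(finding_ids)
    rng = random.Random(seed)  # fixed seed so the selection can be reproduced later
    return sorted(rng.sample(ids, min(sample_size, len(ids))))


def wilson_interval(confirmed, reviewed, z=1.96):
    """Wilson score interval (95% for z=1.96) for the true-positive rate."""
    if reviewed <= 0 or not 0 <= confirmed <= reviewed:
        raise ValueError("need reviewed > 0 and 0 <= confirmed <= reviewed")
    p = confirmed / reviewed
    denom = 1 + z * z / reviewed
    centre = (p + z * z / (2 * reviewed)) / denom
    half = z * math.sqrt(p * (1 - p) / reviewed + z * z / (4 * reviewed ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def projected_real_issues(total_findings, confirmed, reviewed):
    """Scale the rate interval to the whole report (no finite-population correction)."""
    low, high = wilson_interval(confirmed, reviewed)
    return total_findings * low, total_findings * high


if __name__ == "__main__":
    TOTAL = 223  # finding count quoted for one project in the thread
    sample = triage_sample(range(1, TOTAL + 1), 100)
    print("first finding numbers to review:", sample[:10])
    # Constructed triage outcomes: findings confirmed as real out of 100 reviewed.
    for confirmed in (0, 2):
        lo, hi = projected_real_issues(TOTAL, confirmed, 100)
        print(f"{confirmed}/100 confirmed -> between {lo:.1f} and {hi:.1f} real issues")
```

With 2 of 100 sampled findings confirmed, the 95% interval projects to roughly 1 to 16 real issues among 223 findings; with none confirmed, the upper bound is still about 8.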

Spoetnik
January 15, 2017, 08:25:31 AM
Nice SIG.. an "employee" of an open source fair launch decentralized free market currency ? Let me guess you have a CEO and a CTFO etc too Ripple.. "Big Banks" No others in Crypto are as scammy with their scheme and as persistent as Ripple douche nozzles.
FUD first & ask questions later™

poloniexwhale
January 15, 2017, 09:41:57 AM
How to define the most secure? You heard this from BTS devs? They are braggers, I don't trust them.

r0ach
January 15, 2017, 09:50:23 AM
Quote from: JoelKatz
> We now have an official response to this report at https://ripple.com/dev-blog/response-china-cert-report/
> "Again, Ripple recognizes the importance of security researchers, and we take any reports of security vulnerabilities very seriously. At this time, we do not feel confident in the accuracy of the CERT report and further, and based on the way in which the report was published, we question the legitimacy of the reporting body. We are confident in our processes and our codebase, and expressly state that this report identifies no actionable items and our review, in response to it, found none either."

Just politely tell the Chinese that Ripple is not a decentralized currency in the first place (such a thing may not even be possible). Problem solved.

hl5460 (OP)
January 17, 2017, 02:49:59 AM
Quote from: r0ach
> > We now have an official response to this report at https://ripple.com/dev-blog/response-china-cert-report/
> > "Again, Ripple recognizes the importance of security researchers, and we take any reports of security vulnerabilities very seriously. At this time, we do not feel confident in the accuracy of the CERT report and further, and based on the way in which the report was published, we question the legitimacy of the reporting body. We are confident in our processes and our codebase, and expressly state that this report identifies no actionable items and our review, in response to it, found none either."
> Just politely tell the Chinese that Ripple is not a decentralized currency in the first place (such a thing may not even be possible). Problem solved.

I think it's difficult to draw a line between centralization and decentralization.