Author

Topic: Blockchain software security report by China CERT (Read 850 times)

hero member
Activity: 1092
Merit: 504
★Bitvest.io★ Play Plinko or Invest!
February 23, 2017, 04:24:01 AM
#1
Very interesting report was published by Chinese CERT:

Quote
In December 2016, China CERT released a 17-page security audit report of blockchain software. As per the report, the audit was conducted in October 2016 and released later as “open” document. The report examined 25 open-source blockchain projects, categorizing the vulnerabilities found into 9 classes. A total of 746 high-level attack vectors are detected. Ripple is rated the most insecure one with over 223 highly risky bugs.

Quote
China CERT,  the National Computer Network Emergency Response Technical Team/Coordination Center of China (known as CNCERT or CNCERT/CC) , was founded in September 2002. It is a non-governmental non-profit cybersecurity technical center and the key coordination team for China’s cybersecurity emergency response community. The CERT lab speaks highly of the global development around blockchain technology but also reiterates the importance of blockchain software security.

Overview of 25 projects being audited:



The 9 vulnerability categories were chosen for auditing:
1. Input Validation and Representation
2. API Abuse
3. Security Features
4. Memory Management
5. Time and State
6. Error and Exception Handling Errors
7. Code Quality
8. Encapsulation and hidden defects
9. Flaws in Code Runtime Environment



Vulnerability rating:



Results: Ripple the most insecure project



Quote
It is noteworthy that among all the projected being audited this time, Ripple is likely to be the most widely used one with the most users. At the time of writing, the software company has received 100 million USD investments from Google and Accenture. Some large financial institutions have announced their joining the payment network, including Standard Chartered, Westpac, Shanghai Huarui Bank and so on. Given the fact that Ripple is directly dealing with financial assets, should these loopholes be exploited by hackers, the institutions may suffer unimaginable losses

Ethereumj comes as the second most risky project with 110 high-level vulnerabilities. Bitshares contains 4 high-risk bugs and 665 medium ones, the highest number among all projects.
Ethereum Wallet, Hlp-candidate and OmniJ are found bearing zero or only one high-level bugs and therefore considered the most secure projects among all units being audited.

It is very interesting analysis noteworthy to study accuratelly:

http://news.8btc.com/blockchain-software-security-report-by-china-cert-ripple-the-worst
Jump to: