My official response is here: https://ripple.com/dev-blog/response-china-cert-report/
TL;DR: It looks like they just ran a static analysis tool against a combination of security sensitive and irrelevant code, totaling the number of potential issues detected by automated, static analysis. This is almost completely meaningless because the vast majority of issues reported by such tools are false positives with no actual security implication. But it's doubly meaningless when you use it on code that already uses that exact same methodology because every issue that can be identified by this method has already been found and fixed.
Topic: Blockchain software security report by China CERT, Ripple the worst (Read 357 times)
January 13, 2017, 01:03:01 PM
January 12, 2017, 08:47:03 PM
In December 2016, China CERT released a 17-page security audit report of blockchain software. As per the report, the audit was conducted in October 2016 and released later as “open” document. The report examined 25 open-source blockchain projects, categorizing the vulnerabilities found into 9 classes. A total of 746 high-level attack vectors are detected. Ripple is rated the most insecure one with over 223 highly risky bugs.
http://news.8btc.com/blockchain-software-security-report-by-china-cert-ripple-the-worst
http://news.8btc.com/blockchain-software-security-report-by-china-cert-ripple-the-worst
Jump to: