Cryptocurrency’s Structural Security Problem
I explore the remarkable number of failures in cryptocurrency security for Lawfare. I argue that security really is worse for cryptocurrency, because the decentralization that proponents treasure makes it hard to safely disclose and fix security holes: Software security flaws … are ubiquitous in digital products. Like writers who can’t see their own typos, most coders have trouble seeing how their software can be misused. The security flaws in their work are usually found by others, often years later. Indeed, security researchers are still finding serious holes in Windows today—30 years after it became the world’s dominant operating system. Companies like Microsoft have improved their products’ security by making peace with [security] researchers. There was a time when software producers treated independent security research as immoral and maybe illegal. But those days are mostly gone, thanks to rough agreement between the producers and the researchers on the rules of “responsible disclosure.” Under those rules, researchers disclose the bugs they find “responsibly”—that is, only to the company, and in time for it to quietly develop a patch before black hat hackers find and exploit the flaw.
Full story : Cryptocurrency’s Structural Security Problem.