Sharing our Security Philosophy
We take the security and efficacy of our products seriously and are always seeking to improve our process, so to continue honing our efforts, we’ll be publishing a series of post-mortem blog posts exploring security challenges and how we addressed them. Security is a tricky topic to discuss, but transparency is a necessary part of iteratively developing great products and, more importantly, earning and maintaining your trust every day.
We’ll dive deep into a particular topic, theme, or challenge and discuss the implications, our approach, and what we believe the future state to be based on our work. Holding ourselves accountable to transparency through post-mortems builds the proper processes for us to continue improving. This also offers an opportunity for our writers to apply an editorial approach and fully explore these complex challenges and provide you with a more engaging and in-depth experience.
We’re not planning any set publishing schedule for now. Instead, we’ll publish them as they are ready, allowing you to read at your own pace. Whether you’re a long-time Chia farmer, ecosystem developer, or just discovering us for the first time, we hope you’ll join us as we strive to be a security leader in the blockchain space.
Kicking things off
We endeavor to be transparent about security concerns with you by examining the causes, impact, and lessons learned. So for our inaugural piece, we’re publishing a series of post-mortems on recent security incidents. Don’t worry; We’ve already patched them, and there is no evidence they’ve been exploited in the wild.
Security is a critical concern for all organizations. By sharing this information, we can help create a more secure environment and help you better protect yourself and your assets from similar issues. We’ve chosen to highlight the specific security issues and post-mortems linked below to demonstrate the current state of security for the Chia ecosystem and our philosophy in action.
Read the published post-mortems highlighting the technical details and documentation here:
- CLVM Infinite Recursion
- Negative values allowed in settlements payments
- Wallet error handling causing infinite loop
original source – www.chia.net/2023/01/31/sharing-our-security-philosophy/
You must be logged in to post a comment.