New Security Resources

Its been a big year. SecurEth started at EthDenver 2018. Within a few months we joined with the EthSecurity group as it formed. The intent was to develop better security resources and guidelines for the developer community. Now exactly one year after we started we can share some of the results of our efforts;

• SecurEth Development Guidelines
• SCSA Guidelines
• EthSecurity Website
• Ethereum Risk Matrix Model

So let’s check out our new resources!

SecurEth Guidelines (guidelines.secureth.org)

These are really Solidity developer based. They supply a common software documentation structure with lots of examples. We took the CryptoZombies Solidity code set and documented it using our system. They prove that the docs you need are not that big. Its not much work to document a contract but the value is significant.

Common docs have lots of advantages. They make on-boarding much easier. It allows a remote developer to read the docs from top level, architecture down to requirements. They can get up to speed without bothering anybody. The docs also answer all the questions an auditor would ask. Follow our process and your audit will be much smoother.

SCSA Guidelines (smartcontractsecurityalliance.com)

These guidelines are focused on what an auditor expects to see before an audit and the steps that a token sale must undertake before deployment, including multi-sig key management, social media and websites. They reference other common checklists where needed. They are succinct and checklist based.

EthSecurity Website (EthSecurity.org)

EthSecurity is a community of auditors and security experts. Their website is a compendium of security resources; blogs, tools, articles, audit reseach, developer resources, and community interviews of the auditor and developer community. There is a lot of content that is being continually updated. Check it out and keep the link.

Blockchain Risk Matrix

The risk matrix allows, through answering some simple questions, for a consolidated risk number from 1–100 for any DApp or core vulnerability. It uses industry standard risk methodology customized to the unique threat space of the blockchain space. This is very much a work in progress. Comments are vital!