Editor’s note: Andreessen Horowitz’s Crypto Startup School brought together 45 participants from around the U.S. and overseas in a seven-week course to learn how to build crypto companies. Andreessen Horowitz is partnering with TechCrunch to release the online version of the course over the next few weeks.
Week five of a16z’s Crypto Startup School gets into the inner workings of crypto projects, with a focus on security and project development from the front lines.
In the first video, Jutta Steiner, the CEO and co-founder of Parity Technologies, discusses “The Evolution of Blockchain Security.”
Steiner, who joined the Ethereum team in 2014 as chief of security, says the advent of that open ecosystem of interdependent “smart contracts,” or self-executing design programs, opened a whole new attack surface that requires successful organizations to prioritize a security-minded culture.
Potential coding risks include memory safety, input validation, privilege escalation flaws, fundamental design flaws, side channel attacks and cryptographic vulnerabilities such as insecure key storage. Security is not just code, however — it’s also people, operational procedures, and life cycle management of applications.
There is no single answer to any of these vulnerabilities, Steiner says. Instead, mitigation relies on a range of measures that are not perfect but can be used to create an overall system that is very difficult to penetrate. The key is to understand that crypto development is not like agile software development — once deployed, code is difficult to recall, and security must always be at the forefront.
She closes by noting that