Bad Secrets, Why Pi is the Answer, and Building a Regulation-Proof Exchange
(CoinDesk) There is an old electrician's saying about fuses. When one blows, a klutz replaces it, but an expert finds out why it blew in the first place.
So it is with computer security. It is relatively easy, once you’ve found a flaw, to fix it. It’s often much harder to find out why that flaw was there in the first place, but until you do that there’s no way to know the likelihood of further problems. Although it’s never possible to be perfectly secure, it is possible – indeed, essential – to know what the risks are when you make a decision to do things in a certain way, or to adopt a particular technology.
That’s why the latest Bitcoin vulnerabilities to be fixed are particularly troubling. They’re not by themselves devastatingly dangerous problems; one could let an attacker crash a client, another could jam a client with bad messages. It’s a bit more worrying that one of the bugs was introduced as part of a previous bug fix, indicating that the testing process prior to issuing a patch may be faulty.