Tag: CAST

Security outfit finds holes in Blockchain projects

redstoneblock1Software Intelligence outfit CAST has found evidence that those peddling Blockchain solutions might be delivering a pile of hurt on customers.

CAST analysed 61 Open Source projects and nearly nine million lines of code. Popular Open Source projects review included Ethereum, Solidity and Bitcoin.

It found that blockchain was medicore on security. It analysed the software on Github that manages the wallet and lets users send and receive transactions. Cast analysed bitcoin, ethereum and solidity, finding the software seems to have some common weaknesses in it as the code is not under 90 percent compliant with security rules, this could lead the software to be hackable.

Blockchain projects were not particularly efficient.  Bitcoin mining is intentionally designed to be resource-intensive and complicated so that the number of blocks found each day by miners remains steady. At 71 percent, blockchain projects rank bottom in the research, flouting the most efficiency programming rules.

Lev Lesokhin, EVP of Strategy and Analytics at CAST and co-author of the Software Intelligence Report said: “As we saw with the Struts vulnerabilities that ultimately brought down Equifax, software quality issues that prevail in open source components are more easily exploitable by hackers. This report looks to identify many of these software risks that may put organisations on the defensive.”

The Software Intelligence Report looks at 61 different open source projects comprised of 75,000 source files and 8.9 million lines of code. The analysis is broken down by language for C/C++ and.Net, JEE and PHP applications, and scores these applications for Transferability, Robustness, Changeability, Efficiency and Security.