Bitcoin’s history has been plagued with security issues from Bitcoinica to MtGox. At the DevCore conference hosted by Vessenes’ Bitcoin Foundation a new security standard was announced called the CryptoCurrency Security Standard (CCSS), which aims to provide general guidelines for best practices in regards to security involving cryptocurrency.
The organizations writing the standard are BitGo, a cryptocurrency security consultancy whose biggest client is Bitstamp, and CryptoCurrency Certification Consortium, an organization that believes their Certified Bitcoin Professional and Certified Bitcoin Expert (CBP and CBX) certificates have any value.
The standard covers 10 aspects believed are the core of Bitcoin security:
- Key/Seed Generation
- Wallet Creation
- Key Storage
- Key Usage
- Key Compromise Policy
- Keyholder Grant/Revoke Policies & Procedures
- Third-Party Security Audits/Pentests
- Data Sanitization Policy
- Proof of Reserve
- Audit Logs
The standard does not cover breaches involved from social engineering compromises, or implore the use of specific strong cryptographic solutions, such as GPG, for securing sensitive data. Like C4’s certification program, it seems the standard is more of a marketing strategy than a true security standard.
We believe the standard is a very strong start but we have released it as a draft for a reason. If you feel there are areas lacking that you can add to, we encourage you to contribute to fill those gaps.
You can visit the repository here: https://github.com/CryptoConsortium/CCSS
Thanks for your feedback,
Josh
To quote someone of great importance:
I was unable to link this key with a WOT identity only one from keybase which really doesn't tell me much.
You are welcome to drop by #bitcoin-assets and discuss in-depth with the professionals.
[1] Source
Why would he contribute to your thing ? This nonsense is roughly equivalent to child playing with toy truck, telling some truckers "hey, if you see a problem with my toy truck, why don't you come and fix it!".
What exactly do you take yourself for ?! How about you stfu, go do your year's worth of log reading after which YOU contribute, to actual Bitcoin ?
Stop wasting your life with perianne boring-esque pretense and general derpage, you're not getting any younger. Without the signature of the lordship you can not be a part of this thing. Swallow that already, do yourself that service, get over your airs and start your education.
Keep your CSS out of my bitcoin!