Applying blockchain security through clarity engineering principles is crucial for developing safe decentralized applications (DApps).
The Intersection of Security and Visibility
Security through obscurity and security through clarity are different security engineering practices.
Applying security engineering practices is critical to ensure that decentralized applications (DApps), or other types of systems, are trustworthy.
This is particularly important in an evolving threat landscape.
Security Through Obscurity
The underlying concept is, essentially, that a bad actor is unlikely to exploit a vulnerability it cannot find in a system, since exploiting a vulnerability requires first identifying and understanding it.
It is still important to note, however, that just because a vulnerability is not publicly visible for an attacker to easily identify and exploit does not mean that the vulnerability does not exist within the system.
Blockchain Security Through Clarity
These security engineering practices apply to blockchain architecture, as well as other types of system architecture.
“Security through clarity” refers to designing DApps such that certain vulnerabilities cannot possibly be introduced, because the functionality of programs is clearly defined and expressed. This can be implemented using techniques like formal verification and property language design.
Glow, the DApp domain-specific programming language (DSL) developed by MuKn’s President and Chief Scientist, Francois-Rene Rideau, provides security- and privacy-enhancing features that other languages, like Solidity, JavaScript or Rust, lack.
Glow empowers developers to simply and safely build DApps with various levels of complexity, such as the closing of a deal between two parties.
Francois-Rene shared his expertise in his presentation, “Security Through Clarity”, to the Open Worldwide Application Security Project (OWASP) New York City Chapter.