As industries around the world continue their march toward digitization or tap into Web3 to revolutionize segments of their business, security is becoming increasingly important.
Cybercrime costs the world hundreds of billions of dollars a year, an
amount that is on course to surpass a cumulative 20 trillion by 2026.
For the nascent space of Web3, this value is considerably lower, at around $6 billion, though as the industry continues to mature we predict the amount of money lost to exploits to increase drastically. Here, security is a greater challenge as the mental models required to assess these products are vastly different. They are, by nature, not only permissionless, but introduce native incentive mechanisms. However, it is not an insurmountable challenge—the data is clear: most exploits occur on protocols that deployed unaudited code
Hardening all layers of the stack is just one step of a multi-phasic plan that must take place in order to protect your company from cybercrime.
- Documentation There is an art to writing documentation. While the obvious goal is to preserve knowledge internally for onboarding purposes, its most important role should be to address architectural decisions whose rationale is not immediately obvious, in order to facilitate security and correctness audits.
- Software architecture planning Modern software design is often clunky. Specifications are drafted on an ad hoc basis, leaving a hard to audit spaghetti codebase in its wake. A high assurance codebase that scales must be architected correctly from the beginning. Complexity is the enemy of security.
- Testing practices There is a right and wrong way to write an effective unit test. There is also a whole universe beyond the familiar unit test with the potential to unlock significant security gains with minimal effort.
With education at its core, this comprises three elements of a non-exhaustive list of some of the subjects that must be revisited and overhauled during this process.