The Information Security Forum (ISF) released its latest briefing paper, Blockchain and Security: Safety in Numbers, which identifies security issues associated with developing and deploying blockchain applications.
The organization’s latest briefing paper is intended to aid those involved in blockchain deployment to better understand the benefits and risks of the main components of a blockchain network so that they can determine and then address security requirements by applying a secure systems development life cycle (SDLC) that supports live blockchain application, according to a May 8 press release.
While the assumption is that blockchain is secure because of its anonymity, the technology is not free from risks, which is why the briefing paper sets for the potential security issues that need to be considered before organizations rush to deploy applications using blockchain technology.
“Blockchain’s indelible and visible record provides many advantages. However, this record does not render blockchain immune from security issues,” said Steve Durbin, managing director, ISF, in the release.
“Many of the security issues associated with developing and operating any application – such as managing an implementation, providing acceptable technical support and training staff – are still applicable to blockchain. The main security issues specific to blockchain relate to breaches of the integrity of the ledger and individuals performing malicious or fraudulent transactions.”
The paper points to a paramount concern rooted in the reality that, at this time, blockchain risks are particularly acute because of the technology’s presumed security rooted in the belief that its consensus algorithms are robust. Many also assume that the content of the blockchain ledger is both immutable and irrefutable and that its underlying cryptography is secure enough to last the life of a blockchain application.
Blockchain has been, and will continue to be, put to different uses, yet ISF said the technology may not always be the best solution to a problem.
“While there may be a commercial advantage from being at the forefront of adopting blockchain, prudent organizations should be aware that blockchain is immature and unforeseen security issues may emerge,” continued Durbin. “Consequently, organizations should place a particularly strong emphasis on evaluating the risks of developing or using blockchain applications before trusting this innovative approach.”