To further establish a unified and objective vulnerability rating system for the blockchain industry, build sound infrastructure for blockchain security, and gradually address the many security issues in the blockchain field, the National Internet Emergency Response Center has joined forces with four security vendors: Changting Technology, Lianan Technology, Anbi Lab, and SlowMist Technology. Building on the CVSS2.0 vulnerability scoring system and drawing on a large number of real blockchain vulnerability cases, they jointly drafted the National Blockchain Vulnerability Database's "Blockchain Vulnerability Grading Rules", which are now released to the public.
In a network security evaluation system, standardization research on vulnerability classification and grading is a very important foundation of the evaluation. Establishing a unified, standardized scheme for grading vulnerabilities is of great significance for aligning industry understanding, improving the industry's technical security, and building a sound security evaluation system. In the early stage, when many blockchain companies and teams issued bug bounty programs, there was no unified standard they could refer to directly, so they often defined the threat level of vulnerabilities according to their own understanding; security vendors likewise formulated different evaluation criteria based on their own understanding of CVSS. In the current blockchain ecosystem, the various roles do not perceive security vulnerabilities in the same way, and their views even diverge. There is an urgent need to establish a set of grading rules for blockchain technology that is generally recognized by the industry, clarifies the principles of vulnerability analysis, and provides a definite, executable reference for assessing threat levels.
In this context, the National Blockchain Vulnerability Library and industry security companies jointly issued the "Blockchain Vulnerability Grading Rules". The "Detailed Rules" are divided into "Detailed Rules for the Grading of Public Chain System Vulnerabilities", "Detailed Rules for the Grading of Consortium Chain System Vulnerabilities", "Detailed Rules for the Grading of Smart Contract Vulnerabilities", and "Detailed Rules for the Grading of Peripheral System Vulnerabilities". Based mainly on an analysis of "degree of harm", "exploitation difficulty" and other aspects, vulnerabilities are divided into three threat levels: high, medium and low. The description of each harm and difficulty lists very detailed reference items, which basically cover most of the vulnerabilities that may be encountered in the blockchain field and can help users quickly locate and analyze vulnerabilities. At the same time, relying on CVSS2.0, we strive to achieve interoperability with vulnerability rules in traditional foundational fields, and to bridge the understanding and definition of vulnerabilities between the emerging field of blockchain and traditional fields from the perspective of network security.
At present, the security evaluation system for blockchain at home and abroad is still immature. In this context, the National Blockchain Vulnerability Library actively explores blockchain security norms, unites industry forces, and strives to form operable, executable, and quantifiable blockchain vulnerability grading rules, in order to promote the secure and orderly development of the blockchain industry and help our country occupy a leading position in the field of new blockchain technologies.
At present, the "Blockchain Vulnerability Grading Rules" are only an initial version and will be revised iteratively according to the actual state of blockchain security. At the same time, all security vendors, white hats, and blockchain participants are welcome to provide valuable opinions to help improve and refine the rules.
Contact information: cnvdbc@cert.org.cn
The content of this article is authorized by the "National Blockchain Vulnerability Library". Please credit the source when reprinting.