The industry also needs a unified security module layer.
Written by: Haotian
Early in the morning, I saw that @GoPlusSecurity is planning to build a modular, unified user security layer. As a former crypto security veteran, I felt my unaccomplished security vision ignite again. “Security”, the most important direction in the crypto field, has always been too “service-driven” and has always been stuck in the awkward situation of “hasty response before, regretful after”. How can we break this pattern? Will a modular, unified security network be the best solution? Let me share my thoughts:
1) Security issues are only ever valued after an incident occurs. This is what we often refer to as the “security awareness” problem. It cannot be improved through short-term appeals and outcries. It only gradually turns into a sense of vigilance after people have been stung by hacking attacks and phishing incidents time and time again. Moreover, “security incidents” can only decrease as the industry matures; they will not disappear. Therefore, security as a “service” will always be needed, but it will always be a passive need, which does not help security companies improve their position in the crypto ecosystem.
2) Modularization has become a normal development path in the crypto field. Whether it is middleware networks, layer2, independently separated DA, Execution, and Settlement modules, or the expected Security layer module, these are gradually becoming key components of the crypto ecosystem. In the future, the consensus layer, settlement layer, execution layer, DA layer, and the other layers that make up a blockchain will be independently encapsulated in a modular manner and embedded into the architecture of various blockchains with high interactivity. The security module layer will also become an essential plug-and-play component for each chain.
3) As the industry develops and matures, the number of pure B-end hacker attacks is decreasing. This is directly related to the continuous security protection work of developers in the industry and to the advancement of industry code driven by the DeFi “dark forest”. However, the reduction in B-end security incidents does not mean that the overall security risks will disappear. Phishing attacks have become the new wave of security risk. Therefore, a security module layer that is user-oriented and can provide users with “unconscious” security protection must take on this mission.
4) Why emphasize “unconscious”? Because with technological progress and industry maturity, complex problems must be abstracted away and solved at the back-end infra layer, and the friction perceived by front-end users must be minimized. Built from modular on-chain security components, such a layer involves timely blocking of dangerous or suspicious transactions, pre-execution rehearsal of a transaction's path before it is submitted on-chain, front-end alerts before signing, updates of off-chain oracle information such as phishing websites, KYC and anti-money-laundering compliance supervision, and more. It sounds simple in theory, but it is not easy to be compatible with different chains and different consensus mechanisms, and even to match the rudimentary wallets, DEX protocols, and other protocols in different environments, in order to fully unleash the value of the modular security layer.
5) If security remains at the “service” layer, the inevitable reality is a proliferation of plugins, tools, and even separate security solutions for developers, ordinary users, traders, institutional users, and others. As a result, competition among security companies becomes fierce, while ordinary users do not perceive any tangible improvement in their level of security.
The security industry also needs a unified security module layer to continuously provide security warnings and improve user experience for C-end users, and to be highly compatible with B-end developers, chains, wallets, protocols, and other infrastructures. Only then can the security awareness and security protection work of C-end and B-end be consistently improved.
In conclusion, security attack and defense will always be a difficult problem in the crypto field because it involves money and there will always be hacker organizations lurking in the dark, constantly scanning for security vulnerabilities to launch attacks. Essentially, both hacker attacks and security defense are cost battles. To enhance security, the cost of hacker attacks must be increased. Fragmented security services are like guerrilla warfare, while a unified security chain ecosystem and a modular security layer are, in my opinion, the best solution to enhance the security level of crypto.
Source Link:
https://mp.weixin.qq.com/s/alZ4oXMCh_GKRVj7Gr6_aA
Note: The opinions expressed in this article do not represent investment advice.
Original Article Link:
https://www.bitpush.news/articles/6713376