Blockchain Security Series 14 - Fredrik Svantes (Security research lead @ Ethereum Foundation)
Description
Hosted by Pablo Sabbatella - pablito.eth (Blockchain Security Researcher, SEAL member)
Topics discussed:
- 00:00 - Intro
- 01:13 - How you started with computers and programming
- 02:41 - Working in Blizzard Entertainment
- 08:12 - Red and blue teams
- 14:19 - Incident response: What should web3 security learn from web2 industry?
- 18:57 - Planned and unplanned war rooms
- 22:58 - Communication mistakes during incident response
- 29:18 - Operational security
- 36:38 - Security awareness
- 39:19 - Social Engineering
- 42:51 - Role at Ethereum Foundation
- 45:38 - EF Bug Bounty Program
- 47:18 - Bounties for the execution and the consensus layer
- 49:01 - Most common types of vulnerabilities reported
- 51:20 - Vulnerability disclosure process
- 54:04 - Ethereum Protocol Attackathon with Immunefi
- 59:39 - Blockchain monitoring and live threat detection
- 01:01:46 - The future of security in Ethereum: main challenges
- 01:06:29 - Balance between daily work and technical research
- 01:08:19 - Programming as a skill to be a blockchain security researcher?
- 01:12:16 - Favorite conferences and events
- 01:14:19 - Final thoughts
Summary:
In the 14th episode of the podcast, Fredrik Svantes, Security Research Lead at the Ethereum Foundation, shares his journey from his early days in computers and programming, through his time at Blizzard Entertainment, to his transition into the Ethereum ecosystem. In this discussion, he provides valuable insights into operational security within the blockchain space, emphasizing the crucial role of incident response, preparedness, and the growing need for security awareness and best practices.
Fredrik also explores the significance of social engineering in cybersecurity and outlines the key responsibilities of the protocol security team at the Ethereum Foundation. This team is dedicated to protecting the Ethereum network and ensuring effective coordination of security efforts across various client teams. Fredrik discusses the Ethereum bug bounty program, shedding light on the management challenges and highlighting common vulnerabilities reported, such as denial-of-service attacks. He underscores the importance of clear communication and transparency in the vulnerability disclosure process. Looking forward, Fredrik shares his perspective on the future of Ethereum’s security and the challenges the network will face as it continues to evolve.
Takeaways:
- Fredrik emphasizes the importance of incident response preparedness and of conducting regular exercises to ensure a calm and effective response.
- In the blockchain ecosystem, there is a need for increased focus on operational security, including securing front-ends, infrastructure, and private keys.
- Security awareness and best practices should be tailored to specific roles and responsibilities within a project or organization. Social engineering is a critical aspect of cybersecurity.
- The protocol security team at the Ethereum Foundation focuses on ensuring the security of the Ethereum network and coordinating security between client teams.
- The bug bounty program is an essential part of vulnerability disclosure, and it helps identify and fix vulnerabilities in the Ethereum network.
- Communication in security and public disclosure are crucial in the vulnerability disclosure process, and the Ethereum Foundation follows a phased approach to disclosure.
- Blockchain monitoring and live threat detection are valuable tools in identifying and responding to security threats in the Ethereum ecosystem.
- The future of security in Ethereum lies in expanding the number of experts in protocol security and addressing the challenges posed by the evolving roadmap.
- Programming skills are not necessarily required to be a blockchain security researcher, but having an understanding of programming and the associate