Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Boredom Over Beauty: Why Code Quality is Code Security - 1701

John Saigle - Asymmetric Research Posted 7 Months Ago
  • The Web3 space is innovative yet financially risky, because attackers can steal money directly. Because the space is so new, many hard-won security lessons need to be relearned in Web3. This post is about one of them: overall code quality. Code quality is code security.
  • NASA famously implemented their Power of Ten rules as clear coding guidelines, because projects with extreme consequences for failure require rigorous code quality standards. curl has very serious coding guidelines as well.
  • When code is well-structured and adheres to clear patterns, security vulnerabilities become easier to identify and harder to introduce. Codebases characterized by inconsistency, complexity, and poor organization create fertile ground for security flaws.
  • Now comes the reason for the name: chase boredom instead of beauty. Most secure code is boring and simple - the JC of our company has talked about this extensively as well. Security thrives on predictability, not novelty. Beyond the code itself, this includes docs, standards, linting, and review processes.
  • Why should we take code quality so seriously? Problems cost more to fix later. Whether it's re-architecting something, recovering from a major hack, or something else, it costs much more later. Additionally, when developers trust their foundation and execute without fear, they can build systems that will last forever. Good read!