The developers Parity Technology announced a complete reorganization of the process of creating smart contracts, Ethereum and the safety of the IDE. As hopes the company, she learned the appropriate lesson from the past mistakes and will be able to offer new and innovative methods of development.
As stated in the blog Parity Technology, the problems faced by the users due to various bugs, is the experience, who did not want anybody. That is why the company strives to ensure that all previous errors and bugs have become a catalyst for a more secure development of Ethereum.
https://t.co/8F3Lzrm5Va covers the tooling we use to aid secure smart contract development. Most of the tools are free for open source projects. Tools include those from @trailofbits @trufflesuite @CoverallsApp @travisci
— Parity Technologies (@ParityTech) 13 May 2018
Soon, the startup promises to publish the developed procedures to create smart contracts and guidelines for their maintenance, but is now ready to share the new standards for the analysis of requests for the inclusion of code and tools that are used to increase security.
Thus, in the framework of the initiative for securing Parity Technology has created the position of head of the security service, which took Kirill Pimenov. A former employee of SUSE Linux, it, as emphasized in the company not only has an excellent understanding of the code base, but also need to observe the highest standards of safety on all fronts. In Parity Kirill Pimenov will, among other things, to oversee the audit function, the bounty program for the discovered bugs and improve processes to secure development.
“In most cases, web developers say: “the worst case scenario we release a patch”. But this is not the case, which is applicable to the development of smart contracts. There is a need to approach, comparable to what we see in the aerospace industry, where any shortcomings should be eliminated”, — said Kirill Pimenov.
About direct security process smart contracts, Parity Technology has developed a system of evaluation of the 20 items, designed to establish a single set of development standards and required documentation. Public release of this check sheet will be soon.
In addition, to ensure proper analysis of requests for the inclusion of code will now need at least two of the review.
Meanwhile, at the final stage finds the safety audit process conducted by the company Trail of Bits, about the partnership which was announced in February of this year. To date, Trail of Bits already provided developers Slither – tool which combines a set of proprietary static analysis of the language of Solidity to determine the most common mistakes.
Slither, according to the company, the software is closed source, however, other tools – Solium, Truffle, Coveralls, Travis and Echidn constructed opensource and as such, according to Parity Technology, serve as a solid Foundation for secure development of smart contracts.
Additionally, the company announces a policy of 100 percent coverage, assuming that each line of the smart contract is executed by the testing tool at least once (in practice this happens a few times), and policy 100% external review before launching smart contracts in the primary network.
We will remind, in November 2017 after the “accidental” removal code in the smart contract wallet with multipoles from Parity Technologies were frozen raised during the ICO, several blockchain startups, including project CEO Gavin wood Polkadot.
In April, the Developers of Parity Technologies stated that it did not plan to make changes in the code of your client, which would open the possibility of unfreezing funds, but could lead to separation of the Ethereum blockchain.
Source
