Bitcoin’s history has been plagued with security issues from Bitcoinica to MtGox. At the DevCore conference hosted by Vessenes’ Bitcoin Foundation a new security standard was announced called the CryptoCurrency Security Standard (CCSS), which aims to provide general guidelines for best practices in regards to security involving cryptocurrency.
The organizations writing the standard are BitGo, a cryptocurrency security consultancy whose biggest client is Bitstamp, and CryptoCurrency Certification Consortium, an organization that believes their Certified Bitcoin Professional and Certified Bitcoin Expert (CBP and CBX) certificates have any value.
The standard covers 10 aspects believed are the core of Bitcoin security:
- Key/Seed Generation
- Wallet Creation
- Key Storage
- Key Usage
- Key Compromise Policy
- Keyholder Grant/Revoke Policies & Procedures
- Third-Party Security Audits/Pentests
- Data Sanitization Policy
- Proof of Reserve
- Audit Logs
The standard does not cover breaches involved from social engineering compromises, or implore the use of specific strong cryptographic solutions, such as GPG, for securing sensitive data. Like C4’s certification program, it seems the standard is more of a marketing strategy than a true security standard.