Our continued mission at Case is to provide an easy-to-use bitcoin wallet, without compromising security. Throughout the design and development process our engineers have been striving to reach a higher security standard with each milestone. We wanted to share how we measure our own security, why setting a community-wide standard is important, and why those standards are useful to both the end-user and developer.
Security standards are important from a user perspective because they allow the user to compare similar services on a common metric and make an informed decision. As a more mainstream audience starts using bitcoin, these standards become especially important, as it can’t and shouldn’t be assumed that every person with a bitcoin wallet understands what a NIST SP 800-90A-compliant DRBG is, or what data sanitization is – and why all of those things are so very important and affect the security of their bitcoin. Security standards make all of this easier to digest.
Security standards are also important for every single developer building bitcoin products and services. We are protecting people’s money, their identity, their privacy, and a whole heck of a lot we can’t even imagine yet. This obligation and responsibility is HUGE and shouldn’t be something we experiment with. We’re all pretty lucky to be working on something so important, but that comes with incredible risk, and security standards help to mitigate that risk. At Case we use the CryptoCurrency Security Standard (CCSS) as guidance for design and development, so that we are constantly reminded of what is necessary to reach the highest level of security. Using these standards as a benchmark helps us build a better, safer product that provides both us and our users with the confidence that we’ve built something truly secure.
The CryptoCurrency Security Standard (CCSS) was created in collaboration with the Crypto Currency Certification Consortium (C4) in the Fall of 2014. These standards are defined by a group of prominent figures in the Bitcoin community. Contributions to the CCSS were made voluntarily, with the goal of creating a security standard for all Bitcoin companies to achieve. C4 also offers multiple certifications that demonstrate various levels of knowledge for aspiring Bitcoin Professionals.
The CCSS includes a checklist that measures 10 aspects of security with respect to how a company handles bitcoin from a technological and procedural perspective. The full CCSS Security Matrix is a permanent fixture on the desk of our engineers, and gives us all something to work toward. Each level requires satisfactory achievement of all previous metrics.
A more detailed explanation of each defined characteristic can be found in the GitHub “_data” directory. C4 is in the process of ratifying the CCSS and is working to offer official certification in September of 2015. Meanwhile, here at Case we continue to find the CCSS matrix useful and look forward to more industry-wide security standards being put in place!