Blockchain technologies are known to be revolutionizing the financial, real estate, energy, and many other industries. But they could be poised to help secure the software development industry as well. As described in our previous post, NodeJS is becoming more dangerous to use, primarily due to supply-chain attacks. These attacks can hit a massive number of devices worldwide and can go undiscovered for weeks. In reality, it’s not just NodeJS, but nearly any package manager, such as PIP, NuGet, RubyGems, Yarn, and countless others. These package managers work by having organizations upload their software libraries to these services so that other developers can download them and embed them into the software applications they are creating. So when organizations are attacked, or when they transfer their library to another developer, that’s when the attack can occur.
So what can we do to prevent these types of attacks? Enter the RadJav V2 blockchain. An organization would be able to register and be verified on the blockchain. The organization can then place a link on their website to their verified profile on the blockchain.
Ok, so that’s great, but what’s the point of doing that?
Let’s take a look at how an organization secures its software libraries today. There are many ways to do it; however, a secure way is to have an organization create a PGP public key, then share that key on their website for all to download. Then, whenever the organization releases a new version of their software library to the public, the organization must use their PGP public key to “sign” the newly released library to prove it is them. This typically takes the form of a downloadable .asc file provided on their website next to their download. Therefore, we have to have full faith in their website. Hackers could attack their website, replace these keys (which could look identical), then place malicious code into these libraries.
Compare this method to using the in-development RadJav V2 blockchain.
The registered organization would simply place a link on their website, upload their software libraries to their website, register the newly uploaded software library with the RadJav V2 blockchain, then place the generated code alongside their upload on their website. Much simpler. Not to mention, even if the website is hacked, there’s still no way for the hacker to spoof the download. It’s been registered with the RadJav V2 blockchain, so you can see it there; it cannot be hacked.
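The difference between the two approaches comes down to where the verifier gets its reference value. The following is an added example, not RadJav code or part of the original post: `ReleaseRegistry` is a hypothetical stand-in for any append-only record kept outside the vendor's website, the site is modelled as a dictionary, and all file names and contents are constructed sample data.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class ReleaseRegistry:
    """Hypothetical append-only record kept outside the vendor's website."""
    def __init__(self):
        self._entries = {}

    def register(self, name: str, version: str, digest: str) -> None:
        if (name, version) in self._entries:
            raise ValueError("release already registered; entries are immutable")
        self._entries[(name, version)] = digest

    def lookup(self, name: str, version: str):
        return self._entries.get((name, version))

def verify_same_origin(site: dict, filename: str) -> bool:
    """Trusts a checksum served from the same site as the download."""
    return hmac.compare_digest(sha256_hex(site[filename]), site[filename + ".sha256"])

def verify_against_registry(site, filename, registry, name, version) -> bool:
    """Trusts only the digest recorded in the external registry; fails closed."""
    expected = registry.lookup(name, version)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(site[filename]), expected)

def demo() -> dict:
    # Constructed sample data: a vendor site modelled as {path: content}.
    good = b"module.exports = () => 'hello';\n"
    site = {"lib-1.0.0.tgz": good, "lib-1.0.0.tgz.sha256": sha256_hex(good)}
    registry = ReleaseRegistry()
    registry.register("lib", "1.0.0", sha256_hex(good))
    before = verify_against_registry(site, "lib-1.0.0.tgz", registry, "lib", "1.0.0")
    # Website compromise: both the file and its published checksum are replaced.
    bad = good + b"/* injected */\n"
    site.update({"lib-1.0.0.tgz": bad, "lib-1.0.0.tgz.sha256": sha256_hex(bad)})
    return {
        "clean_release_ok": before,
        "same_origin_accepts_tampered": verify_same_origin(site, "lib-1.0.0.tgz"),
        "registry_accepts_tampered": verify_against_registry(
            site, "lib-1.0.0.tgz", registry, "lib", "1.0.0"),
    }

if __name__ == "__main__":
    print(demo())
```

The registry check only holds when the client reads the expected digest from the registry itself; a digest copied onto the website and trusted from there is the same-origin case again.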
Another benefit of the RadJav V2 blockchain is the 24/7 bug bounty pool. For every block that is mined on the V2 blockchain, part of the tokens from that block will be placed into a bug bounty pool, which will encourage other software developers to find bugs in the RadJav software development platform, making our software library even more secure.
There are so many possibilities with the RadJav V2 blockchain. Check out our technical dossier on our website for more information.
For the latest developments on RadJav, join us on our Slack channel at:
Or try RadJav yourself by downloading it here.