Solving blockchain’s security problem one smart contract at a time
Security has held significant weight in the argument against enterprise blockchain initiatives. Endpoint vulnerabilities for the encrypted ledger system, risks of malware to keys, a lack of regulation and more have created hesitation in a space ripe for innovation — with the right security protocols.
“There was nobody in this space that we saw laser focused on just blockchain security,” said Hartej Sawhney, senior advisor at Pink Sky Capital and cofounder of blockchain security company Hosho.io. “So we began focusing on auditing smart contracts … and then putting a seal of approval on that” to mitigate risk.
After seeing the low quality of smart contracts surrounding initial coin offerings at crypto hedge funds, Sawhney and his partner Yo Sub Kwon set out to create Hosho as an efficient, reliable auditing tool. Sawhney spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, at the Polycon18 event in the Bahamas. They discussed the vulnerabilities in current blockchain processes and how Hosho is reducing ICO risk.
Building security standards for a new industry
As much attention as blockchain has gotten from companies and individuals alike, serious security considerations are still rare among even those who face tangible risks. “We have the best hedge funds cutting checks into companies before the smart contract is even written, let alone audited,” Sawhney said.
What Sawhney hopes to do with Hosho is partner with these hedge funds and affirm their commitment to security early on, both internally and within the smart contract. Hosho secures these agreements by doing a line-by-line code review of each smart contract that’s written, conducting a gas analysis and a static analysis, and making sure that the smart contract follows the guidelines of its white paper.
“We can mitigate the risks for exchanges and for investors,” he said. “There’s no chance that this is going to be hacked, money won’t be stolen, money won’t be lost, and there’s no chance of a security vulnerability.”
Hosho’s necessity was born out of lax standards in the space, mostly due to a lack of programmers who understand Solidity, blockchain’s most common language. As a result, smart contracts are often written not by seasoned full-stack engineers but by web developers with an insufficient understanding of the language.
“One hundred percent of the time that Hosho has audited code for a smart contract, we have found at least a couple of vulnerabilities — even as a second or the third auditor,” Sawhney said.
With so much demand in the space, Hosho is looking to artificial intelligence to assist in offloading some manual labor from its auditors. “We are building a lot of proprietary tooling to speed up the process, to automate conducting a gas analysis … static analysis,” Sawhney stated.
As Hosho continues to perfect its security processes, Sawhney sees ever-expanding potential for the world of blockchain. “Every single day that we audit code, our process gets faster and faster and faster, because once we find a vulnerability, finding that same vulnerability next time will be faster and easier,” he said.