Security Engineering at Stratum

A little under a month ago, I started writing a series of blog posts about the software development practices I've been following at Stratum Security. Along with detailing how the XFIL team has been designing and building software, I wanted to also write about some of the ideas we've had and research we've done to solve our biggest security-related concerns. This series of posts talks about designing, specifying, and testing software, our choices of technologies, and then goes on to discuss the problems of authentication, authorization, capability-based security, and access control in a microservice-based architecture.

Post #1 - Design, Specifications, and Testing

Post #2 - Programming Languages and Other Technologies

Post #3 - Traditional and Challenge-Response Authentication

Post #4 - Distributed Authorization and Proof-of-Work

Post #5 - Access Controls and Capability-Based Security

We're using a really modern stack at Stratum and it's my sincere hope that developers will be able to read these posts and better understand how they can start designing and implementing powerful security mechanisms in their own work.