Meet Hyperledger’s New Security Maven!

By April 11, 2017Blog

We’re thrilled to announce that the Hyperledger team is growing! We’ve recently added David Huseby as the Security Maven.

David brings more than 20 years of experience working with and on open source projects in industries including aerospace, video games, and web, both server and client side. For the last decade he has focused on privacy enhancing technology, user anonymity and anti-surveillance. Most recently he was a senior platform security engineer at Mozilla where he focused on web privacy and led the project to merge Tor Browser hardening into Firefox.

Now let’s get into some questions to better understand David’s role, what he will be working on and his own aspirations for Hyperledger.

What got you interested in working on Hyperledger and blockchain?

I am a long-time Bitcoin user and enthusiastI mined my first Bitcoins when they were worth just $4.00 USD. The blockchain technology in Bitcoin has always fascinated me and like everybody else I immediately saw its potential for solving persistent problems in a variety of other industries. Working on blockchain technology has been on my to-do list for years. I was attracted to the Hyperledger project because of its solid community leadership and the integrity of The Linux Foundation. When I was given the opportunity to work on all-things-security and all-things-blockchain at The Linux Foundation, I could not refuse. I am very excited to be joining the team.

David Huseby, Hyperledger’s Security Maven

What are your main goals now that you’re part of the Hyperledger team?

I’d like to work with the community to maintain and grow the trust in our projects. Taking inspiration from other successful open source projects, I’d like us to document a set of software development and deployment best practices that all of the Hyperledger projects follow consistently. Projects like the Linux kernel, the Bitcoin core, and the Tor project have pioneered great standards for managing change and integrity during software development and deploymentwe would do well to emulate them.

I also want to partner with our project teams to build a security vulnerability reporting system that minimizes the friction of reporting security vulnerabilities responsibly.  In addition to the reporting system, I would like to organize and coach a security triage team for driving issues from reporting all the way through resolution and disclosure.

It is also important that we get out ahead of any security related regulatory issues in markets like finance and healthcare.  I’d like to work with our member partners to plan for and minimize the roadblocks for Hyperledger projects moving into regulated industries (i.e. being prepared for audits and code escrow, etc).

In addition to the above projects, I am taking a special focus on the identity problem. I plan to learn all I can about any future projects that fall under Hyperledger regarding personal identity and personal data management with blockchains. Having a good answer to the identity problem is one key element to the success of many of the Hyperledger projects.

What do you think is most important in terms of security for Hyperledger to focus on in the next year?

Blockchain technology is being applied to systems where lapses in security can result in serious consequences. I think our greatest challenge is to nurture and grow the great software engineering culture that already exists in all of the Hyperledger projects.  Security is ultimately a human problem and having good engineering culture naturally leads to consistent application of best practices. In the next year I hope to partner with the community to bring best practices such as signed commits, merges, and releases, dependency tracking, sign off accountability, and responsible disclosure of vulnerabilities to all of the Hyperledger projects. That is how we will maintain the trust of our partners and the broader community that relies on the technology we create.

What’s the one issue or problem you hope blockchain can solve?

I hope that we can solve the identity problem in such a way as to maximize the privacy and sovereignty of everyday people. So much of the computerized world is dedicated to tracking people and monetizing that information. I hope blockchains give me back control over my private self while also lowering the friction of proving that “I am me” to the myriad of balkanized systems. The last time I checked, my password manager had account credentials for over 200 different separate services that I use. Why can’t there be just one cryptographic proof for “this is me”?  And why can’t I be asked to approve what data gets shared? I truly hope we solve this problem, or at least find a good enough solution for most people.

Where do you hope to see Hyperledger and/or blockchain in five years?

In five years I hope Hyperledger is universally respected for having nurtured cooperation and leveraged technical and industry expertise to bring blockchains to market and to make tangible improvements in many different industries. I half-joke that if Apache helped make the Web, maybe Hyperledger can help make the Web easy.  Having a universal identity solution, cryptographically secure ways to share data, and auditable access to digital records would go a long way in making the Web easier for everybody. Hyperledger and The Linux Foundation is the natural place for that level of Internet-wide cooperation and in five years, I hope we will have succeeded.

What’s one thing you wish people understood about security?

I wish people understood that security is mostly a people problem. We’ve all heard stories of bad passwords being the weak link in an otherwise secure system. Having good security is like having good hygiene. It takes diligence and constant attention and strong passwords.

What is the best piece of advice you’ve ever received?

I always live by these two pieces of advice:

  1. If something is worth doing, it is worth doing right. (Thanks D). To me, this means that I should be picky in what I commit to so that when I commit, I am all in.
  2. Always have your passport. (Thanks A). Living by the first piece of advice is intense and this second piece of advice means I never miss a chance to stop and have fun. Sometimes the right answer is to get on the next plane to somewhere, anywhere, and go have fun.

What do you like to do in your spare time?

I live in Las Vegas so what don’t I do in my spare time?  Seriously though, I enjoy spending time with my friends at the Synshop Hackerspace. I am an occasional guest on the Greynoise podcast that is recorded at the Synshop every Friday evening. I also enjoy exploring the south western states, going on hikes, camping, and getting outside in general.  A few months ago I decided to start corresponding with friends through handwritten letters and because if something is worth doing, it is worth doing right, I started teaching myself Spencerian calligraphy to up my power level. I think my favorite thing to do is make new friends, so please, if you see me at a conference or a meetup somewhere, don’t hesitate to come say “hi”; we might become pen pals.