Ripple is the most insecure choice for a blockchain developer. Use it at your own risk.

The latest report from China's CERT states that Ripple is the worst blockchain project. They checked for code quality, and for the obvious patterns like input validation which I've discussed previously, and the result is that Ripple is the most insecure. Not only is Ripple suspect due to centralization but now code quality is under question as well. Use at your own risk.

Graphene 2.0

Steem is based on the same codebase that Bitshares 2.0 is based on. Investors, developers, users, all can take note that Graphene 2.0 is high quality code and if we look at the trend the quality is improving with each iteration. In fact it is my opinion that Graphene 2.0 is more secure than Bitcoin at this time. CERT presents the statistics to prove it which can now be utilized as part of marketing for Steem and Bitshares as a very security platform and one of the most secure in the blockchain space.

Conclusion

Security can be improved further for Ethereum but it seems the developers are headed in the right direction. Ethereum based on CASPER will be interesting and possibly more secure than Ethereum is now. As I stated in my own post, the main issue is in smart contracts will be input validation and quality secure libraries. The Chinese CERT states the same thing and has graphs to back it up. It is for these reasons that I've always remained cautious of Ethereum because I understand the difficulty in building secure smart contracts. Graphene 2.0 and Steem can rely on a powerful API with secure libraries and a very limited high performance smart contract language. Developer Dan Larimer prefers Wren likely for performance reasons. If careful action is taken to make sure the average smart contract developer can write smart contracts without the obvious input validation and similar common errors then it might work but in my opinion will require curation.

The curated model would mean Steem or Bitshares should not accept any smart contract which hasn't gone through some sort of peer review process or which doesn't utilize known secure libraries. If a library is known to be secure and easy to use such as libSodium or Boost for example then on that basis we can say with reasonable confidence the program is secure because we know the foundation is secure. Unfortunately with Ethereum everything was very new and even the language Solidity was very new so there are no secure libraries. To put it in gamer terms Ethereum is not developer friendly while Bitshares and Steem have the opportunity to take the lead in that area.

References