Some thoughts on protocol security #16
Description
I've noticed that the community has recently begun focusing on the security of the protocol. Here are my personal opinions:
(1) Security is actually a ROI game. When the cost of attacking a system is higher than the benefits, even if there are security issues, almost no one will attack.
(2) No matter what security measures are implemented, there are always vulnerabilities. It is impossible to achieve the security CIA triangle simultaneously.
(3) I suggest that the community start with threat modeling and systematically discuss security risks, avoiding point-by-point discussions.