About this episode
Liz Steininger is the CEO of Least Authority: a company which specializes in auditing open source software since 2014. Originally founded by Zooko Wilcox, Least Authority has conducted more than 100 security audits in the space. Some of the best known contractors who requested an expert review include the Ethereum Foundation, the Electric Coin Company, Metamask, the KeyStone hardware wallet, and Avalanche.
Least Authority also builds products that make use of Zero Knowledge Proofs: PrivateStorage (a cloud storage system that's designed to make the host unaware of the files being stored), ZKAPs (Zero Knowledge Access Passes, an authorization system that separates the payer from the data on the items being bought), and Winden (a file-sharing service that's encrypted and requires no identity from the sender and receiver).
In a space which often defers to "check the code, it's open source", companies such as Least Authority offer high quality verification which makes it easier for the average non-technical person to trust that something is safe. Also, it helps builder have the peace of mind that what they're working on will not bring any unforeseen consequences.
Time stamps:
00:00 - Intro and Sponsor Mentions
?Introduction to the podcast and sponsors: Sideshift, Bitcoin.com News, EdgeWallet, LayerTwo Labs, Citrea, NoOnes.com, and HODLING.ch.
01:17 - Guest Introduction: Liz Steininger
?Liz Steininger, CEO of Least Authority, is introduced. Discussion begins about the company’s focus on security, privacy, and auditing in the crypto space.
1:57 - Irony of "Least Authority" Having a CEO
?Liz addresses the irony of a company named Least Authority having a CEO, explaining their non-hierarchical approach and balance of leadership.
03:04 - Least Authority Philosophy and Nick Szabo’s Influence
?Discussion on the principle of least authority, referencing Nick Szabo’s 2005 paper and its connection to Zooko, founder of Least Authority.
05:19 - Liz’s Tech Background
?Liz shares her journey into tech, from early internet experiences to open-source and privacy-focused technologies.
09:36 - Role of Auditing Firms in Open-Source
?Exploration of why auditing firms like Least Authority are necessary despite open-source code being publicly verifiable.
11:45 - Surprising Audit Findings
?Liz discusses instances where Least Authority found unexpected issues during audits and the value of helping clients fix them.
12:16 - Notable Clients and Audits
?Overview of Least Authority’s clients, including Zcash, MetaMask, Ethereum Foundation, Filecoin, Polygon, and Keystone hardware wallet.
14:35 - Predicting the Ethereum DAO Hack
?Liz reflects on Least Authority’s 2015 Ethereum audit, which identified vulnerabilities that later contributed to the 2016 DAO hack.
17:43 - When to Conduct Audits
?Discussion on the optimal timing for audits, depending on project roadmaps and feature development.
19:51 - Auditor Liability and Security Guarantees
?Liz explains that no system can be 100%
