Secureum, a portmanteau of Security & Ethereum and pronounced like the latter, started as a newsletter about observations, learnings and perspectives on security topics in Ethereum. The first issue was published on 3 January 2021, the twelfth anniversary of bitcoin network’s existence.
Since then, ten Secureum issues have been published, one every week on a Sunday. (Fun fact: all of them, except #7, had exactly 2048 words.)
The newsletter has almost 100 subscribers after two months and has received moderate attention with each issue being viewed more than a hundred times. Issue #7 on smart contract security checklist got noticed the most with some public/private praise. The posts on making DeFi protocols SAFU caught the attention of protocol teams, auditors and the security community who acknowledged several of the points raised.
While there is no dearth of DeFi protocols getting exploited or security issues for which awareness needs to be raised, I am wondering about maximising the impact of Secureum’s efforts in addressing the most pressing problems in this space. The topic that keeps coming up is the lack of quality content and quantity talent as it pertains to Ethereum security — specifically smart contract auditing. The demand for smart contract security audits/auditors far exceeds the supply, by an order of magnitude or more.
Therefore, I am pausing this newsletter for sometime to focus on identifying the best way forward for Secureum to have a more tangible impact in the domain of smart contract security. Thank you so much for subscribing to Secureum and appreciating the content so far. Secureum will be back soon with something hopefully bigger/better and with community involvement.
If you have any suggestions on potential future directions for Secureum or wish to get more engaged in some way, please email secureum at protonmail dot com. I’d love to hear your thoughts.
Until then, stay tuned and stay secure!
I think the main issue is that projects and devs themselves would love to read this kind of quality content, but that 'the public' will largely not care. They want to ape in. So focus your attention to dev groups. Perhaps scout a bit in popular dev groups on discord. But all together, deep dives on exploits won't reach a million reader audience I'm afraid. Do check in with Rekt.news. They have been able to carve out a nice balance and network!