AGP: 37
Title: Retainer for Ongoing Aragon Network Security Provider
Author: maurelian (@maurelian)
Status: Rejected
Track: Finance
Created: 2019-04-10

AGP-37: Retainer for Ongoing Aragon Network Security Provider

Summary

We propose to continue our work securing the Aragon Network, on a retainer basis for a 6 month period, working with the entities responsible for developing aragonOS, Aragon apps, and other code of interest.

Address of the transfer recipient

0xF0001193a7919B14417c038604846D7b3F8F4BC3

Amount of the transfer

120,000 DAI

Number and frequency of transfers if recurring (enter “1” if only one payment will be made)

2 transfers of the amount above, payable every 3 months starting after ANV-02 has completed.

Purpose of the transfer

Description of Services

1. Iterative Security Review Services

In each 3 month period, we will allocate 5 weeks of 2 people "actively auditing". This may include smart contract auditing, penetration testing, application security review, or other intensive security review related work. We respectfully request a minimum of 2 weeks notice in advance of initiating an active audit phase.

If the full allocated time is not utilized in a given 3 month period, the difference will accumulate and carry over to another 3 month period. If Aragon One requires more time, we will charge the prorated fee in subsequent voting periods, or through the proposed ANSP Engagement Policy.

2. Secure Development Process Advisory Services

We will continue offering bi-weekly calls to assess and advise on the security of development processes, with the objective of enabling security, agility, and consistency in the release schedule.

Our commitment

Responsiveness

The time allocation and advance notice outlined above are not designed to add friction or bureaucracy to our work with Aragon One or other teams. Between audit periods, we will continue to support, advise and engage with the Aragon One team. We understand that time estimation is difficult in software development, and we encourage caution over meeting arbitrary deadlines.

If a start date needs to be postponed, or something else needs to shift, we will make our best effort to accommodate. We currently have two excellent auditors working on Aragon. Under this retainer arrangement we will train up more excellent people on the Aragon codebase to make that kind of responsiveness possible.

We will also actively seek opportunities to enrich security knowledge and discussion across the entire Aragon Flock and community, and look forward to opportunities to work with other Flock groups.

Transparency

We will engage with the community to improve their awareness of security health in the Aragon Network through the following channels:

  • Attendance in bi-weekly all-devs calls
  • Monthly reporting on our activities and outcomes in the Aragon Forum
  • Public reports on findings from each active audit phase

Recipient information

Organization Name: ConsenSys Diligence Inc.
Website: https://diligence.consensys.net
Other URL: Our portfolio

Fill out the following information for each individual team member who will be managing funds from this transfer:

Name: Maurelian
PGP key fingerprint: DB2BA6DAA44C8330

Name: Goncalo Sa
PGP key fingerprint: 7194D885E14F7E36

License

Copyright and related rights waived via CC0.
