AGP: TBD
Title: Aragon Network Security Partner for Vote 2.
Author: maurelian
Status: Stage III
Track: Finance
Created: YYYY-MM-DD
Summary
We propose to continue working closely with the A1 team, following the productive and successfuly collaboration of our ongoing security advisory engagement during the first voting period.
Address of the transfer recipient
TBD prior to final submission of this AGP.
Amount of the transfer
TBD prior to final submission of this AGP.
Purpose of the transfer
Funding of the following activities and deliverables in support of securing the Aragon Network:
Activities
We propose to work with A1, supporting their work to iterate on the following basis:
- We will break up the work for this AGP into 3 sprints of 1 month each. On the final Tuesday of each month (April 30, May 28, and Jun 30) we will meet with A1 to plan for the following month.
- In each of the 3 months, we will set aside 1 week for intensive review of whatever code A1 has ready for us to review. These intensive review periods will function more like mini-auditsāØ, and as much as possible we will encourage A1 to package their reviews as such.
- During the remainder of the month, we will be in regular communication with A1. Through the same shared Keybase channel we currently use, we will be available to answer questions about architecture, process, and comment on the state of preparedness for upcoming mini-audits.
āØ By auditing larger changes, and ideally entire new apps we are able to better understand how these changes fit into the overall picture. By working in discrete sprints of intensive focus, with down time in between, we believe that we can provide a better service, and more significantly impact the quality and security of the project.
Deliverables
In this forum:
- At the beginning of each one month period we will publish a summary of the discussion and plan for the next period with A1.
- Following each intensive mini-audit period, we will publish a list of our findings and comments.
In the interest of efficiency, these posts be less formal than our typical reports, but no less informative or descriptive of our findings.