Security Worksteam

MrNerdHair · July 21, 2021, 6:17pm

I’d like to propose that the DAO create a Security workstream. ShapeShift US’s existing Security department provides a number of services that would be very nice to have a formalized structure for in the DAO, and I think that having a specific home in the DAO for proposals regarding these types of function is important.
But perhaps more importantly, a DAO is by its very nature exposed to a lot of technical risk, and many of these risks tend to trigger more rapidly than a DAO’s native governance cycle can handle. Incident response requires a group of knowledgeable security engineers that the community trusts to act as a contact point and coordinate sensitive tasks effectively, and having a formal Security workstream already set up ahead of time would go a long way towards that goal.

I envision the Security workstream having responsibility for:

Providing architecture and code review from an attacker mindset

Auditing smart contract code, both internal and that of potential partners
Advising on appropriate standards for the protection of sensitive information
Verifying sensitive processes to assure no hanky-panky is involved (i.e. the airdrop eligibility list)
Sponsoring active penetration tests
Coordinating vulnerability disclosures and incident response
Helping protect Foxes against cyberattacks and scams
Championing secure coding practices and a high standard of code quality

Specific proposals for executing these responsibilities will no doubt follow; I personally have a few I’m excited to get out there. That said, I feel that getting the infrastructure set up is the first order of business.

(Full disclosure: I’m on the existing Security team for ShapeShift US. That means I’m probably a bit biased on this subject – but I genuinely believe this proposal stands on its own merits, and while I’d love to have direct personal involvement I support this proposal even if that’s not the case.)

jonisjon · July 21, 2021, 6:36pm

This is a no-brainer from my perspective, thank you for proposing it .

IMHO - the ShapeShift DAO should absolutely setup and fund a Security workstream.

Marley · July 21, 2021, 6:59pm

This an essential workstream.

Giantkin · July 30, 2021, 12:19am

Your on my list for all security related inquiries.

storypup · August 26, 2021, 11:44pm

Cant express how important this is. Has my complete support as a community member. Security is not only ethical it generates marketing value on its own. Another thing, its a hard issue to talk about but a sad truth. Insider threats and potential risks in dealings with other projects are an unfortunate reality. Analysts with security knowledge and the inherent traits to recognize and show restraint and respect in finding related loopholes in the proposals of other projects is a function I believe fits the scope of this work stream.

(You hint at this in your proposal i just wanted to specify this since its the most common threat to any high value project.)

Neverwas · September 2, 2021, 1:27am

I also see and would express the value and importance of establishing this workstream. The essential need for security should go without saying and I am glad to see the support expressed so far. I agree that this creates additional value to the project and having a competent team that can present a transparent process in establishing infrastructure and process has my support.

Topic		Replies	Views
Security Workstream Proposal ShapeShift DAO	5	150	August 15, 2021
[SCP-9] Shall a Security Workstream be created and Reid Rankin assigned as its initial leader?	0	113	April 19, 2023
Unification Proposal Detail Workstream Discussion	0	146	September 16, 2021
[SCP-61] Proposal to fund the Security Workstream through May 31, 2022 Proposal Discussion	5	120	March 3, 2022
Proposing Customer Support workstream ShapeShift DAO	19	181	August 9, 2021

Security Worksteam

Related topics