Security Committee Funding Proposal

I have spoken to Enigma, who will not support this.

Thanks for your comments and suggestions <3

Hi Dan,

This is one hell of a proposal with not a lot of information regarding credentials or measurable targets to hit. Also, what justifies 22,000 SCRT as a discretionary budget?

2 Likes

The total spend appears to be 40k SCRT and not 28k SCRT, unless the 3000 SCRT each is for all 3 months, which it doesn’t seem like. Please make the appropriate correction.

1 Like

I have a few questions.

  1. What exactly is the secops platform? (I see your explanation but I don’t really get what it is. Is this a tool that will scan network validators for vulnerabilities?)
  2. What exact hardware is needed for the secops platform?
  3. How much of the discretionary budget is for the dev and how much is for hardware?
2 Likes

I’d also like to point out that, as of right now, this proposal is asking for $151,600. So what are the fixed USD costs of this proposal? @gaia recently said he would vote no on proposals that do not list a USD ask, which imho makes a lot of sense. So I’d like to know the fixed costs so we can have an idea of what the final SCRT ask will be, especially if SCRT keeps pumping over the next 6 days this is on the forums.

Hi Dan,

Just some questions and notes on the proposal.

I like that you would be doing more research into SGX and related services and would be keeping the network up; disaster recovery solutions are also nice for exploration. It’s also beneficial to the network where open endpoints are constantly processed and reviewed, and incident reports like post-mortems are good and healthy.

Things I am not sure about:

  • Can you describe more about the ‘secret network secops platform’? What are the benefits of having one for the network? Is it purely for research? Does it warrant that cost? If so, how?
  • If you are looking at SGX vulnerabilities and/or similar things, you need to have Enigma on this committee from day 1 and hopefully a touch with Intel through them.
  • Since this is a security committee, it should also cover contract security and issues and mitigations.
  • Also, cost: can we have $USD values for Discretionary Budget and Leads payment, since governance is moving towards a template for future proposals on-chain?

EnigmaMPC gets advanced notice regarding SGX vulnerabilities before they are made public as a part of their relationship with Intel, as well as being the company that devs the core SGX-related aspects of the network. This is largely why they seem best positioned to cover this side of things. It’s fine to have others research it, but I don’t know if they can collab, since Enigma cannot divulge information about these vulnerabilities to 3rd parties until the info is public.

Also, one thing I missed adding: can you tag Kromsten here on the forums, Discord or Telegram, so we can get to know the other lead in the committee?

1 Like

I have spoken to Enigma, who will not support this.

Thanks for your comments and suggestions <3

Where is the proposal? I was hoping to give it a read @dbriggsie!

Can you elaborate on why Enigma won’t support the proposal?