In the absence of a Security Workstream, the DAO's Responsible Disclosure Program (RDP) created in SCP-46 needs a sustainable path forward so that we continue to incentivize security researchers to disclose vulnerabilities that may adversely affect the DAO, token holders, or our community. HackenProof provides an affordable, easy-to-administer, crypto-native platform that can fulfill our current needs for a monthly fee of $1,200 USD plus 10% of bounty payouts. If passed, this proposal would establish a budget of 75,000 USD/yr for the ongoing administration of the program, in addition to bounty payments.
Shapeshift has a long history of taking security seriously. @MrNerdHair established the DAO's RDP in [SCP-46], but since the expiration of the security workstream the program has had no clear owner or budget. Continuing it requires an owner within the DAO responsible for its administration, a budget, and the resourcing to ensure its success.
If passed, this proposal would enact the following:
HackenProof provides a simple interface that can be accessed by any number of DAO members. Additionally, they accept crypto for payment of their fees and for payouts to researchers. They are willing to onboard the DAO directly, without an intermediary (i.e. the Foundation). The agreement with them is month-to-month, and in the event a new Security Workstream is formed, it will have the ability to modify the proposed program.
Below are some screenshots of their interface:
Snapshot Poll To Follow.