Our CU mandate lists five broad areas of work: Identification of Critical Infrastructure, Bug Bounty Program, Incident Response Facilitation, Core Unit Operational Audits, and Education and Advisory.
- TechOps has begun identification of their critical infrastructure as part of their CU mandate
- Coordination with the Forta team working with TechOps has begun to evaluate their use for monitoring of other critical infrastructure.
- Further work on the identification of critical infrastructure in collaboration with DeFi Safety
- Bug bounty MIP is posted
- GovComms CU has developed a draft incident response document, to which we are contributing
- We continue to gather ideas for educational content
- We made our first social media post and have set up MakerDAO channels within the Immunefi Discord
- In our original Roadmap, we were to post a MIP for our operational security audit in Dec 2021. Since there is no governance cycle in December, we decided to push this MIP to Jan 2022. This will not delay the starting date of the first operational audit.
I want to take this opportunity to heartily thank TechOps and GovComms CUs for collaborating and contributing to our CU’s goals.
- First regular office hours on December 22nd at 17:00 UTC
- Technical onboarding of Immunefi Services
- Formal submission of operational security and bug bounty MIPs
- Complete initial review of incident response procedures
- Complete initial inventory of critical infrastructure monitoring
- Begin publishing educational content
- Backups for critical monitoring infrastructure
- Fire drill
- Bug bounty program is live
- Begin operational security audits
We presented this update as a video (link to be posted). Here are the slides.