Immunefi Security Core Unit (ISCU) update for December

Our CU mandate lists five broad areas of work: Identification of Critical Infrastructure, Bug Bounty Program, Incident Response Facilitation, Core Unit Operational Audits, and Education and Advisory.

Recent progress

  • TechOps has begun identification of their critical infrastructure as part of their CU mandate
  • Coordination with the Forta team working with TechOps has begun to evaluate their use for monitoring of other critical infrastructure.
  • Further work on the identification of critical infrastructure in collaboration with DeFi Safety
  • Bug bounty MIP is posted
  • GovComms CU has developed a draft incident response document, to which we are contributing
  • We continue to gather ideas for educational content
  • We made our first social media post and have set up MakerDAO channels within the Immunefi Discord
  • In our original Roadmap, we were to post a MIP for our operational security audit in Dec 2021. Since there is no governance cycle in December, we decided to push this MIP to Jan 2022. This will not delay the starting date of the first operational audit.

I want to take this opportunity to heartily thank TechOps and GovComms CUs for collaborating and contributing to our CU’s goals.

Anticipated soon

  • First regular office hours on December 22nd at 17:00 UTC
  • Technical onboarding of Immunefi Services

Anticipated Jan 2022

  • Formal submission of operational security and bug bounty MIPs
  • Complete initial review of incident response procedures
  • Complete initial inventory of critical infrastructure monitoring
  • Begin publishing educational content

Anticipated Feb 2022

  • Backups for critical monitoring infrastructure
  • Fire drill
  • Bug bounty program is live
  • Begin operational security audits

Slides

We presented this update as a video (link to be posted). Here are the slides.

4 Likes

We’ve now published the recording of our first update call!

3 Likes

TY for the update–nicely done. I like the visual approach :+1:

Zooming out

Any thoughts on how Immunefi is thinking 5-years out with regards to IBM Quantum breaking the 100-qubit(127) barrier recently? I mean, I know its a long-way from a 2300-qubit quantum computer that could possibly break cryptography–but wondering what your thinking is when that day does arrive… or not. Totally understandable if the game plan is not there yet.

1 Like

Not sure about that. IBM’s roadmap has 1000 qubits by 2023.

I don’t think this is within scope of Maker. It’s an Ethereum base service issue. I think most current engineering effort is going toward The Merge, but there is also some thinking on quantum resistance.

1 Like