Security
By Monty. The full write-up is available here.
Committee goals
The responsibilities of the Security Monitoring role are divided into two primary duties:
- Detection: Enabling the Hydro Committee to promptly detect malicious activity, risks, and operational incidents.
- Response: Implementing processes to coordinate with relevant stakeholders in case of security emergencies or operational problems to mitigate damages.
Given the part-time nature of the role, security monitoring will be performed on a best-effort basis, and it’s not guaranteed that a given security incident or emergency will be detected in time to prevent or mitigate any damages. The full write-up includes a table for each monitoring target, with a summary of the events and situations to be covered.
Submission requirements
To vet projects applying to Hydro and maintain high security standards across Hydro’s third-party dependencies (e.g., POL venues), we propose a security checklist, which would serve as a requirement for applying teams. You can find the checklist below:
- The code must be open-source or source-available. It must also be audited by a reputable security firm, and the audit report must be publicly available.
- The public documentation must include emergency security contacts, upgrade capabilities, and emergency response capabilities (such as pause or freeze actions).
In addition, proposed protocol upgrades should be communicated to the Hydro Committee at least two weeks in advance.