Polkadot Ecosystem vCISO Program w/Spearbit
TL;DR
0xTaylor is working with Spearbit/Cantina on an initiative that subsidizes the cost of a virtual CISO for a limited number of parachain teams and top PBA graduates.
This program would fund 533 hours in total of vCISO services delivered by Spearbit with leading blockchain security experts. Top PBA graduates would receive up to 128 hrs split amongst the winners, and Polkadot parachain teams would draw from a bucket of 405 hrs.
Also, WTF is a vCISO?
A virtual Chief Information Security Officer (sometimes called a fractional CISO) is a service provided by an external security provider that fills a part-time or stand-in leadership role, guiding security principles and practices for organizations of early to medium security maturity.
Synopsis
The proposal seeks to subsidize vCISO services (architecture review/advisory, fuzzing/unit testing, threat modeling and risk assessment, etc.) for the top Polkadot Blockchain Academy (PBA) participants and existing parachain projects. Security is crucial for any project that handles on-chain assets or smart contract code. When a project is exploited or hacked, it erodes trust and reputation with the wider web3 community, especially with retail and mainstream users. Traditional security reviews, private audits, and security services can be extremely expensive for projects, running upwards of USD $150K+ (much more in some cases).
We are seeking this funding for PBA projects and existing parachains so that these projects can focus their efforts, resources, and capital on development and engineering initiatives, and to incentivize their continued engagement with Polkadot. Our vCISO services are tailored to projects in the beginning and middle stages of the software development lifecycle (SDLC); a vCISO is a good fit for projects that are not yet ready for a full, detailed audit. They are a strong option for projects that want to build with security at the forefront but are not yet ready to invest significant capital in a security review or audit. We believe this program is crucial for the DOT ecosystem and the wider web3 ecosystem, as it aims to further secure both individual protocols and the DOT ecosystem as a whole.
Spearbit/Cantina will provide all deliverables (upon protocol approval and work completion) for transparency and ROI purposes, so that the community can verify that value is being delivered. Spearbit/Cantina is also responsible for reporting back on milestones, updates, and progress as the program continues through completion. All funds requested will be used for vCISO services for PBA winners and existing parachains, and for the admin costs associated with the scoped work.
The full proposal can be viewed here:
https://docs.google.com/document/d/11o1GZaE3Qw1KAW58OhXzMcc96Ydq7p7oOVYaeW5-UBY/edit?usp=sharing
For further information relating to this proposal, please don’t hesitate to contact:
Henry Shen ([email protected])
0xTaylor ([email protected])
Proposal Passed (Aye: 64, Nay: 19)
Comments (5)
If this is targeted to parachain teams, the CISO should have a background that enables that person to properly assess the threat landscape. After reading the Team description, it seems like the team consists of mostly Solidity people. Can you provide references to previous work/audits/write-ups/published vulnerabilities that reflect knowledge of Rust libraries such as Substrate? The problem in web3 is that 1-2 years ago a lot of one-man bands started to become Solidity auditors, which resulted in a lot of options for not-so-talented auditors. The merit of the auditor is based on previous work, published research, and published vulnerabilities by the team and/or individual team members.
Taylor has already shown a lot of good things to contribute to the community; in my opinion we should support the proposal, which could bring positive things to the ecosystem, so Aye.