SNAPSHOT TO REVIEW PROCUREMENT FRAMEWORK IS LIVE
The purpose of this snapshot is to ensure the framework is on the correct path.
If it passes, the next step will be to discuss the specifics of how to elect procurement committee leadership, as well as a grant ask to fill procurement committee roles. At that step, we will wrap everything together for one final push through to an onchain vote.
Previous Milestones:
OPEN CONSULTATION PERIOD HAS ENDED AND PROCUREMENT FRAMEWORK DRAFTED
OPEN CONSULTATION PERIOD HAS BEGUN - ENDING NOV 17
SNAPSHOT TEMP CHECK HAS PASSED WITH ~99% SUPPORT
The intention of the Snapshot is to signal willingness and interest to coordinate as a DAO on an RFP process. A focus group dedicated to beginning work on this will be discussed during the Delegate Workshop on Tuesday, Nov 7th, at 3 pm UTC.
The main objective of the proposal is to establish a comprehensive Request for Proposal (RFP) process for the selection of auditors and other security-based service providers in the Arbitrum ecosystem. This process consolidates the current piecemeal approach, in which individual auditors submit separate budget requests. The proposed RFP process will provide a structured framework for the onboarding of security service providers, and a council responsible for ensuring due diligence has been conducted on whatever the DAO is comfortable sponsoring, financially or otherwise.
The proposal emphasizes the importance of stakeholder involvement in the RFP process and calls for the Arbitrum DAO to consider this proposal and participate in the conversation. I open the call to action to all security service and tooling providers, as we can never be too safe.
I do recommend that the leader of this focus group ultimately be someone in a role that currently facilitates the buy-side of an auditing arrangement, as they know the importance of deal negotiation, current market pricing on services, and the rapport of various auditors in the business, and they understand the importance of established auditing relationships, the areas of concern that need attention, etc. I have offered to lead the focus group pro bono, but I am happy to be an advisor and take a backseat role.
Background
Multiple security proposals are being introduced piecemeal; the Arbitrum DAO should not rush into any of them, but should instead work together on an inclusive RFP framework.
Introduction
The security of smart contracts is of utmost importance in the Arbitrum ecosystem. To ensure the highest level of security, we propose implementing an RFP structure for smart contract security auditors. This proposal aims to establish a process for onboarding security service providers and then selecting them on a per-project basis in a transparent, fair, and efficient manner. The process will be open to all security engineers, researchers, and organizations.
Proposal
The Arbitrum DAO shall issue an RFP for security services. The RFP will outline the requirements for security professionals, including their experience, qualifications, and methodology. The RFP will also specify the scope of the security services needed, the timeline, and the compensation rates for various project categories. [RFP Details TBD]
Selection Process
The selection process will be based on the following criteria:
Experience and Qualifications: Security researchers must have a proven track record of conducting smart contract security audits and/or tooling & platform development. They must have experience with the Arbitrum ecosystem and be familiar with its unique features.
Methodology: Security researchers must have a rigorous audit methodology and, for tooling providers, a rigorous SDLC methodology. They must be able to identify vulnerabilities and provide recommendations for remediation.
Price: Auditors must provide a competitive price for their services. [Standardized Metrics for rates TBD]
The selection process will be overseen by a committee of experts appointed by the Arbitrum DAO. The committee will review the proposals submitted by auditors and select the most qualified candidates based on the criteria above.
A Call to Action
Implementing an RFP structure for security services will ensure the Arbitrum ecosystem remains secure and resilient. By establishing a transparent and fair service provider onboarding and project selection process, we can attract the best professionals and ensure they are compensated fairly for their services. We urge the Arbitrum DAO to consider this proposal and participate in the conversation, as the current state of the proposals is unmanageable, rushed, and exclusive.