The below response reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking and ideation of the two.
We have supported separate security proposals, and we also support the idea of consolidating all security-related proposals into one RFP process. We appreciate DK for leading this initiative, and we see that work on this proposal is already moving forward at a good pace. We’ll be supporting the proposal not only by voting for it, but also in any way we can if it passes.
tldr; Today, we have begun the Open Consultation Period (7 Days) to gather feedback from any parties we have not been in contact with directly. This is a skeleton of how the process would flow, including a Procurement Committee that would act as a facilitator during the onboarding and engagement periods.
Based on the research and outreach conducted this week we have initially scoped out the procurement process, and exploratory ideas are outlined in this post from @Immutablelawyer where details of the ‘Procurement Framework’ to streamline whitelisting security-oriented service providers are shared:
Consultation Period: The public consultation phase runs from November 10 to November 17. Community members are invited to provide feedback via a Google Form or by sending directly to Joseph.
Framework Components:
Needs Assessment: Identifying the types and processes of security services required within the Arbitrum Ecosystem.
Potential Eligibility Criteria: Including technical expertise, reputation, certifications, compliance, tools and techniques, financial stability, innovation, and insurance.
RFP Publication: Outlining the scope of work, submission guidelines, evaluation criteria, and timelines.
Proposal Submission and Evaluation: Detailed documentation, capabilities demonstration, initial screening, technical and commercial evaluation, reference checks, and interviews.
Whitelisting, Onboarding, and Contracting: Selecting providers, conducting KYB processes, and negotiating contracts.
Performance Monitoring and Review: Regular audits and feedback loops.
Renewal and Exit Procedures: Criteria for reassessment and exit strategies.
Documentation and Record Keeping: Maintaining an audit trail for accountability.
Public Disclosure: Ensuring transparency in the process.
Objective: The goal is to establish a fair, transparent, and efficient process for selecting qualified security service providers.
Participation and Contact: The community is encouraged to participate in the consultation process, both projects that need security services and security service providers; feel free to contact us via TG with any questions or issues.
Status Update:
tldr; The Open Consultation period has ended, and all submissions have been reviewed. The planned next steps are as follows.
Submit a Non-Constitutional Proposal to Snapshot; there is no cost associated with this proposal.
If the Proposal receives positive feedback and the consensus is to move forward, we will start discussions on who/how will facilitate managing the Procurement Committee. Our current recommendation is for a lead to be elected with a grant to start filling committee roles, as the expectation is for the procurement committee to have minimum operating funds to support Traditional Audits and Competitive Audit service providers. This election and grant for funding will be a separate proposal.
Please find the entire proposal (Step 1) to be submitted to snapshot below:
We support this proposal as it promotes a more equitable selection process. The current method, which relies solely on project applications, favors early proponents, not necessarily the most deserving candidates. This approach ensures that projects are evaluated based on merit, rather than timing.
Treasure DAO’s Arbitrum Representative Council (ARC) will vote FOR this proposal on Snapshot.
Need for Robust Security: There is a clear need for robust security to safeguard the integrity and security of the Arbitrum Ecosystem.
Need for High Quality Providers: Selecting qualified, reliable, and high-quality security service providers is an important topic for Arbitrum DAO to get right.
Efficiency, Transparency, and Fairness: We commend the proposal for taking significant strides toward establishing an efficient, transparent, and fair process for vendor selection. This framework is clearly well thought through and driving toward the delivery of high-impact outcomes for the DAO.
Clear Structure: We agree with the overall procurement structure proposed, sequentially covering: Needs Assessment [1], Publication of RFP [2], Submission Period [3], Evaluation Phase [4] and Whitelisting Onboarding & Contract [5]. We believe this framework has to deliver high-impact selection decisions for the DAO.
Proactive Identification of Needs: The inclusion of a Needs Assessment is particularly commendable, allowing the Arbitrum DAO to proactively identify crucial needs and select suitable service providers. We hope this proactive approach for vendor selection extends more broadly across the DAO.
Standardized RFP Process: We support the standardization of the RFP process submission guidelines, enhancing the ability for like-for-like comparisons of service providers and, consequently, improved selection outcomes for the DAO.
Ongoing Performance Monitoring: The provision for ongoing performance monitoring, review, and renewal ensures the DAO continues to receive suitable and secure service support throughout their engagement.
Further Clarity on Evaluation and Selection Process: There are still important details to flesh out, more notably the further details on the evaluation process, procurement committee, and final vendor selection mechanism. However, we are optimistic that further details will mirror the ethos of fairness, transparency, and inclusivity already expressed within this proposal.
In Summary
In summary we feel this proposal represents a well thought through and considered framework to helping the DAO address an important topic. We look forward to supporting the continued conversation.
The below response reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking and ideation of the two.
We are generally supportive of the proposed framework and we are voting FOR in the Snapshot temperature check.
There are a few things that weren’t clear to us and we’d like to clarify them before this goes to an on-chain vote:
Regarding Procurement Committee:
will PC be compensated for their work? (we think it should be)
what is the time commitment for the PC members?
what will be the eligibility criteria for PC candidates?
what are the procedures for replacing PC members?
Regarding the relationship between the PC and the DAO: for example, in the “Evaluation of Proposals” you mention that the PC will be required to “documenting each step of the procurement process and communicating select steps in a consolidated manner to the community for review & input.” - how is this review & input process going to look?
Regarding the whitelisted service providers:
what are the expected implications for service providers and the DAO regarding being whitelisted or not?
will the DAO have an easier way of ordering services from those providers?
is it the expectation that non-whitelisted service providers should be discouraged from posting their own proposals to the DAO?
does this have any effect on the Foundation? Is the Foundation expected to take this list into consideration when choosing their own service providers?
We may have other questions as we dig into it more, but we think it’s a very good foundation for building some operational processes for the DAO. We vote for it, and we already commit ourselves to being more active in working out the details with the team behind it in the future.