Welcome to proposals Discussions! #1
Replies: 4 comments 17 replies
-
Given the heavy dependence on LSRs, I propose that the recommendations for SRs to be promoted be raised to 0 - 5. I'm also not quite sure we defined times between promotions to certain positions.
-
It's a bit unclear to me, as an apprentice, what it is that I can work on in order to be eligible for a promotion.
-
Honestly, when I think about it, what do you think about a more skill-oriented, flexible system, rather than some fixed (undefined completely for now) criteria for each position? For objective stuff like rank in Code4rena, disclosed and paid bug bounties or well-known proven stuff like top known IT sec specialists, it’s quite easy how to assign ranks. For others, so the majority I guess, practical experience should be crucial, so skills + experience should count together. Also, I’m kind of missing soft skills on the list for a consultant.

Anyway, maybe a different approach, so a badges-based system, would be a good idea. E.g. I do some Spearbit gig and during that gig I write basic tests in foundry, fuzzing tests, I do reporting, I’m active in discussions, in comms with the customer etc. After the gig I get badges signed by LSR/SR: foundry-lvl-0 (basics), foundry-lvl-1 (fuzzing), client-comms-lvl-0, reporting-lvl-0, sec-vuln-lvl-0 (gas optimisations), sec-vuln-lvl-1 (A, B, C low-level), sec-vuln-lvl-2 (X, Y, Z medium-level vulns).

Then periodically a selected group (or all with LSR/SR) decides which badges are necessary (how many distinct sources of badges) to kick off the promotion for somebody, and if conditions are met and a person has those badges then gets promoted. Over time it is necessary to know and be good at more and more stuff, then new badges are added and thresholds are modified. Skills/badges can be in generic categories like:
etc. categories + levels depending whether something is advanced or not. Badges can be collected either from:

Depends of course on the implementation: it can be very complex, or it can be light at the beginning and gradually badges can be added and thresholds adjusted.
-
👋 Spearbit Promotion Process Proposal
This proposal is to formalize the first iteration of the Spearbit Promotion Process as we push to a truly decentralized and self-governed community. The core team realizes the value that is presented by having the community outline the current roles and responsibilities amongst our Auditors, as well as begin to construct a transparent promotion process.
Security Researcher Role Descriptions
Lead Security Researcher (LSR)
Renowned experts in blockchain security who lead audit teams and mentor other security researchers.
Shortlist of Qualifications for this role: Core Developer at Tier 1 Protocol, Auditor at Tier 1 Firm, Top 10 on Code4rena, Experience finding and reporting critical and high vulnerabilities.
Security Researcher (SR)
Intermediate level blockchain security personnel who have some independent audits under their belt and continuously improve their skill set under the mentorship of LSRs.
Shortlist of Qualifications for this role: Junior Auditor position at Tier 1 Firm, Top 30 rank on Code4rena, Bug Hunting experience, Strong knowledge of Setup and Testing of Solidity projects.
Apprentice
Junior personnel who are just breaking into blockchain security. They participate in projects by focusing on report writing, running manual tests, and unblocking the efforts of other security researchers where possible.
Shortlist of Qualifications for this role: Passed technical assessment, Solved CTFs (i.e. Ethernaut), Completion of Secureum RACES, Portfolio of Ethereum security-related content.
Promotion Process
The core team has a proposed frequency and methodology for handling the promotion of Apprentice to Security Researcher and Security Researcher to Lead Security Researcher.
Apprentice to Security Researcher
Announcements of promotions will be communicated directly in the Spearbit Discord.
Security Researcher to Lead Security Researcher
Announcements of promotions will be communicated directly in the Spearbit Discord.