CIP-???? | High Assurance Best Practices #926
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rphair
changed the title
rphair
reviewed
Oct 15, 2024
There was a problem hiding this comment.
thanks @RSoulatIOHK - this looks promising & will be sure to mark it for triage as soon as it emerges from Draft review status.
| CIP: XXX | ||
| Title: High Assurance Best Practices | ||
| Category: Meta | ||
| Status: Draft |
There was a problem hiding this comment.
Suggested change
| Status: Draft | |
| Status: Proposed |
There is no Draft status & at the time of merged this will be Proposed if not already Active at that time.
Co-authored-by: Robert Phair <rphair@cosd.com>
Co-authored-by: Robert Phair <rphair@cosd.com>
Co-authored-by: Robert Phair <rphair@cosd.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Similarly to CIP-0052 which establishes best practices for audit, this CIP proposes a comprehensive framework for developing High Assurance (HA) software within the Cardano ecosystem. Inspired by industry standards such as DO-178C, IEC 61508, and Common Criteria, it outlines best practices for ensuring software reliability, safety, and security. The framework covers activities such as safety and security analysis, requirement traceability, rigorous testing, formal verification, and independent verification and validation. It emphasizes the importance of transparent evidence presentation, including the use of on-chain methods like CIP-68 to verify compliance.
The CIP is motivated by the growing need for secure and reliable software in the Cardano ecosystem, especially for applications with significant financial or operational implications. By adopting proven methodologies from high-assurance industries, this proposal aims to enhance trust and confidence in Cardano infrastructure and applications, ultimately supporting a safer and more resilient blockchain ecosystem. The path to activation involves community consensus, pilot projects, and the establishment of a certification committee to ensure the practical implementation and widespread adoption of these standards.
(rendered latest version)