Difference between revisions of "Third-party security audits"

From Internet Computer Wiki
Jump to: navigation, search
m (minor test edit to test edit permissions)
(removed content and link to the new location of this page on dfinity.org)
Tags: Replaced Visual edit
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Overview==
+
This page moved here: https://dfinity.org/third-party-security-audits/
The DFINITY foundation, a major contributor to the Internet Computer blockchain, takes security very seriously. Not only do engineering and product security teams conduct various security checks and reviews internally before a feature is released, security tools, [https://internetcomputer.org/docs/current/developer-docs/security/ best practices], and formal models are also developed and open-sourced, so developers can perform their own code checks to detect bugs and improve the overall security of their dapps. What’s more, many of the major technical features built on the Internet Computer go through additional external security assessments conducted by leading organizations such as [https://www.trailofbits.com/ Trail of Bits] and [https://www.nccgroup.com/us/ NCC Group], specializing in software security assurance.
 
 
 
Getting external reviews complements internal security efforts and gives engineering and product security teams the opportunity to greatly benefit and learn from the different perspectives expert reviewers provide based on their knowledge and experience of other blockchain projects. After addressing the issues, DFINITY makes the audit reports public on this wiki page, so that the community sees an independent assessment of the feature’s security posture. Such reports signal to users and developers that minimizing the security risks of building on and engaging with the Internet Computer is of utmost importance.
 
 
 
== "ckBTC and BTC Integration Review" by Trail of Bits==
 
 
 
===Reports & Discussion===
 
Date: October 6, 2023
 
 
 
Reports & Discussion:
 
 
 
*Medium blog post: TODO
 
*Forum post: TODO
 
*[https://github.com/trailofbits/publications/blob/master/reviews/2023-03-dfinity-ckBTC-securityreview.pdf Report], fix notes (TODO)
 
 
 
===Areas of the code which were audited===
 
 
 
*ckBTC and Bitcoin Integration
 
 
 
==Service Nervous System (SNS) Reviews by Trail of Bits==
 
 
 
===Reports & Discussion===
 
Dates:
 
 
 
*First review: December 1, 2022
 
* Second review: October 6, 2023
 
 
 
Reports & Discussion:
 
 
 
*Medium blog post: TODO
 
* Forum post: TODO
 
*Report (2022), includes the fix review
 
*[https://github.com/trailofbits/publications/blob/master/reviews/2023-03-dfinity-sns-securityreview.pdf Report (2023)], fix notes (TODO)
 
 
 
===Areas of the code which were audited===
 
 
 
*Service Nervous System (SNS)
 
 
 
=="Threshold ECDSA Integration and Bitcoin Canisters" by Trail of Bits==
 
 
 
=== Report & Discussion ===
 
 
 
Date: September 5, 2022
 
 
 
Report & Discussion: [https://forum.dfinity.org/t/threshold-ecdsa-integration-and-bitcoin-canisters-security-review-by-trail-of-bits-third-party-security-audit-5/15952 "Threshold ECDSA Integration and Bitcoin Canisters - Security Review" by Trail of Bits]
 
 
 
===Areas of the code which were audited:===
 
*Threshold ECDSA Integration and Bitcoin Canisters
 
**[https://github.com/trailofbits/publications/blob/master/reviews/DFINITYThresholdECDSAandBtcCanisters.pdf "Threshold ECDSA Integration - Executive Summary"]
 
**[https://github.com/trailofbits/publications/blob/master/reviews/DFINITYThresholdECDSAandBtcCanistersFixReview.pdf "Threshold ECDSA Integration - Fix Review"]
 
 
 
=="Canister Sandboxing Review" by Trail of Bits==
 
 
 
===Report & Discussion===
 
 
 
Date: July 7, 2022
 
 
 
Report & Discussion: [https://forum.dfinity.org/t/canister-sandbox-review-by-trail-of-bits-third-party-security-audit-4/15951 "Canister Sandboxing" by Trail of Bits]
 
 
 
===Areas of the code which were audited:===
 
*Canister sandboxing
 
**[https://github.com/trailofbits/publications/blob/master/reviews/DFINITYCanisterSandbox.pdf "Canister Sandbox - Executive Summary"]
 
**[https://github.com/trailofbits/publications/blob/master/reviews/DFINITYCanisterSandboxFixReview.pdf "Canister Sandbox - Fix Review"]
 
 
 
=="Threshold ECDSA Cryptography Review" by NCC Group==
 
 
 
===Report & Discussion===
 
Date: June 16, 2022
 
 
 
Report & Discussion: [https://forum.dfinity.org/t/threshold-ecdsa-cryptography-review-by-ncc-group-third-party-security-audit-3/13853 IC "Threshold ECDSA Cryptography Review" by NCC Group]
 
 
 
===Areas of the code which were audited:===
 
*Threshold ECDSA
 
 
 
=="Internet Computer Consensus Review"  by Trail of Bits==
 
 
 
===Report & Discussion===
 
 
 
Date: March 11, 2022
 
 
 
Report & Discussion: [https://forum.dfinity.org/t/internet-computer-consensus-security-assessment-by-trail-of-bits-third-party-security-audit-2/11453 "Internet Computer Consensus: Security Assessment" by Trail of Bits]
 
 
 
===Areas of the code which were audited:===
 
*Consensus Layer
 
 
 
=="IC Assessment" by Trail of Bits==
 
 
 
===Report & Discussion===
 
 
 
Date: January 4, 2022
 
 
 
Report Discussion: [https://forum.dfinity.org/t/internet-computer-security-assessment-by-trail-of-bits-third-party-security-audit/10113 "IC Assessment" by Trail of Bits]
 
 
 
===Areas of the code which were audited:===
 
*Internet Computer Interfaces
 
*Consensus Layer
 
*Network Nervous System
 
*Ledger Canister
 
*Governance Canister
 
*Registry Canister
 
*Cycles Minting Canister
 
*Genesis Token Canister
 
*Cryptography libraries
 
*Execution Environment
 
*P2P layer
 
*Third Party Dependencies
 
*Hardware Wallet
 
 
 
==See Also==
 
*'''The Internet Computer project website (hosted on the IC): [https://internetcomputer.org/ internetcomputer.org]'''
 

Latest revision as of 13:06, 8 January 2026

This page moved here: https://dfinity.org/third-party-security-audits/

Retrieved from "https://wiki.internetcomputer.org/w/index.php?title=Third-party_security_audits&oldid=8687"