Ecosystem Standards
V1 Identity
# | Description | NIST § |
---|---|---|
1.1 | Verify that all associated account passwords are at least 12 characters in length (C6) | 5.1.1.2 |
1.2 | Verify that all accounts, such as Telegram admins, GitHub, and any associated email accounts, use appropriate multi-factor authentication | 6.1.1 |
V2 Development
# | Description | CWE |
---|---|---|
2.1 | Verify that server configuration is hardened as per the recommendations of the application server and frameworks in use. | 16 |
2.2 | Verify that all components are up to date, preferably using a dependency checker during build or compile time (C2) | 1026 |
2.3 | Verify no secrets are within source code, preferably using a secrets scanner in CI environments (C8) | 798 |
2.4 | Ensure analytics for third-party providers are configured | |
2.5 | Code should be open-source and publicly audited by the community. | |
Recommendations
# | Description |
---|---|
2.2 | Snyk, DependencyCheck |
2.3 | Semgrep with Secrets Policy |
2.4 | Ensure analytics are connected on sites like DefiLlama. |
V3 Community Administration
# | Description |
---|---|
3.1 | Verify Telegram groups have anti-spam protection in place |
3.2 | Verify Discord groups have anti-spam protection in place |
3.3 | Reduce friction between chats |
3.4 | Boost engagement |
3.5 | Educate your community |
Recommendations
# | Description |
---|---|
3.1 | Enable OrgRobot with custom questions. |
3.1 | tgdev has a few handy free bots like daysandbox_bot & grep_robot |
3.2 | The built-in spam protection should be sufficient if properly configured. |
3.3 | Bridge your chats with the Ergo Discord |
3.3 | Get your Telegram added to @ErgoChats on Telegram. |
3.3 | Create a PR to add yourself to this documentation |
3.3 | Get added on ergcube and sigmaverse |
3.4 | Participate in the weekly developer and marketing updates. |
3.4 | Participate in ergoforum.org/c/marketing |
3.5 | Teach good principles like KYA. |
3.5 | Warn users of scams being executed on the platform, particularly in response to support requests. |