Ecosystem Standards#

V1 Identity#

#	Description	NIST §
1.1	Verify that all associated accounts passwords are at least 12 characters in length (C6)	5.1.1.2
1.2	Verify that all accounts such as Telegram admins, GitHub, any associated Email accounts all use appropriate multi-factor authentication	6.1.1

#	Description	CWE
2.1	Verify that server configuration is hardened as per the recommendations of the application server and frameworks in use.	16
2.2	Verify that all components are up to date, preferably using a dependency checker during build or compile time (C2)	1026
2.3	Verify no secrets are within source code, preferably using a secrets scanner in CI environments (C8)	798
2.4	Ensure analytics for third-party providers are configured
2.5	Code should be open-source and publicly audited by the community.

#	Description
2.2	Snyk, DependencyCheck
2.3	Semgrep with Secrets Policy
2.4	Ensure analytics are connected on sites like defillama.

#	Description
3.1	Verify Telegram groups have anti-spam protection in place
3.2	Verify Discord groups have anti-spam protection in place
3.3	Reduce friction between chats
3.4	Boost engagement
3.5	Educate your community

#	Description
3.1	Enable OrgRobot with custom questions.
3.1	tgdev has a few handy free bots like daysandbox_bot & grep_robot
3.2	The built-in spam protection should be sufficient if properly configured.
3.3	Bridge your chats with the Ergo Discord
3.3	Get your Telegram added to @ErgoChats on Telegram.
3.3	Create a PR to add yourself to this documentation
3.3	Get added on ergcube and sigmaverse
3.4	Participate in the weekly developer and marketing updates.
3.4	Particpate in ergoforum.org/c/marketing
3.5	Teach good principles like KYA.
3.5	Warn users of scams being executed on the platform, particularly in response to support requests.