Roadmap

Our roadmap for the development of this tool. Our goal is to harden and strengthen Cardano's stake pools, servers running nodes and prepare them to face any unforeseen disruptions. Our goal is to establish a security standard among SPOs so that delegators are aware of pools that are security conscious. We have reapplied in fund7 for further development of our tool. You can check our proposal at ideascale.

Fund-6 (Funded and development ongoing)

• Phase-1: Creating a tool to assess server load(RAM, CPU, disk & network usage) and tracking OS & software updates. Developing vulnerability scanning scripts detecting CVEs (Common Vulnerabilities and Exposures) among stake pool VPS, clouds, etc.

• Phase-2: Release of stake pool statistics according to hosting provider and updating it on a monthly basis. Ddos 101 prevention guide for different kinds of cloud services, server machines, etc where the block and relay nodes are hosted and looking forward to building a safe stress testing environment for servers running the node.

Fund-7

• Phase-3: Creating functionality to notify SPOs whenever there is a new required software update or a found vulnerability in their servers. Creating an option for SPOs to self-report their system health automatically to our portal. We also plan to create a report on Stakepool Statistics regarding the server specs, security measures, usage of cloud providers and hosting services used.

• Phase-4: Integrating OSINT mapping tools like zoom eye to find out if a particular server is exposed or leaking any sensitive details. Issuing personal security guides and video tutorials for SPOs and delegators both covering attacks such as browser-based, wireless, and physical attack vectors to prevent leakage of sensitive wallet or server information.

Fund-8

• Phase-5: Create a portal to display the security strength of SPOs and their self-audit results. Provide a personalized service to SPOs to get an independent audit and support for their Stakepools. Developing a rating system according to the security strength.

• Phase-6: Create simulations of different kinds of cyber-attacks and publish reports on the portal to keep SPOs aware of new security trends. Also, we will explore new threat vectors using threat intelligence.