Key-Threat-Based Security Audit
Submitted PR
- SIG: needs-SIG
- Champion: —
- Author org: Composable Security
- Ask: source pending
Abstract
The proposal is for a key-threat-based security audit of Canton's Scala codebase by Composable Security. Rather than an exhaustive line-by-line review, the audit prioritizes the highest-impact threats and focuses deep manual review on the code paths where those threats materialize (sequencer, mediator, participant nodes, cross-domain protocols, and API surfaces).
Milestones
| Title | Due date | Target | Amount (CC) |
|---|---|---|---|
| Key Threat Identification and Audit Planning | — | — | — |
| Code Audit and Report | — | — | — |
| Remediation Verification | — | — | — |
| Total | | | — |
Budget impact
- % of available: —
- % if all RFV pass: —
- Ask (CC): amount pending
Comments by org
No public reasons documented.