Developers Forum for XinFin XDC Network

Discussion on: [Proposal] Request for Proposal to Audit XDC2.0

Patrick MacKay

Good Morning,
Runtime Verification is pleased to submit a proposal for consideration. It can be found here - drive.google.com/file/d/1ruhI477Ca....
A copy of the text is below.


Proposal for XDC
Submitted by Runtime Verification
September 18, 2023

Administrative
*Two verification engineers are staffed to every project. Each engineer is assigned 100% to the engagement. One engineer serves as engagement lead and is the primary liaison with the customer. Additional resources can be added if deemed necessary to do so.
*All engagements begin with a project kickoff.
*All findings are reported in real time via a communication agreed upon by both parties (Slack or Discord).
*A formal report will be drafted and delivered to the customer at the end of the engagement.
*Reports for previous customers can be found here:
github.com/runtimeverification/pub...
*Code changes, because of submitted findings and recommendations, will be reviewed at the end of the engagement. Changes to the code base will be noted in the final report but original findings will not be removed.

*Time Estimate: A code base of this size requires an engagement of 10 weeks.
*Cost Estimate: The estimated cost is $150,000.

Notes:
*RV expects to receive project materials that it can review prior to the audit engagement.
*RV expects the customer will be available before and during the audit for consultation. This includes discussion on the selected communication channel as well as weekly meetings to review submitted findings and assess engagement progress.
*Given the size and complexity of the code base, Runtime Verification's standard full audit is infeasible. The standard full audit includes two fundamental components –
(1) Design Modeling & Business Logic Review and
(2) Code Review.
*This audit, on the other hand, will include a thorough code review prioritized to focus on the areas of the code base deemed to be mission critical and/or subject to edge cases. As mentioned above, prioritization will require continued participation from the customer team.
*This audit will start with a design and property extraction phase, where engineers work closely with the client and study the code to build a system-level exact understanding of the protocol and document it as needed.
*Thereafter the system will be examined for flaws, important edge cases, uncertainties, limitations and anything else that is relevant for understanding the exact intended high-level behavior, and for locating protocol-level bugs or weaknesses.
*Finally, the documentation of the two previous phases will act as the foundation for the code deep dive, in which common bugs (rounding errors, incorrect reads or writes, etc.) are detected but also the code is tested for the correct handling of edge cases, according to the specification. Any discrepancies will be classified as bugs, or will be used to correct the specification, feeding back into further checks for protocol-level bugs.
*The phases mostly proceed linearly, but findings in later phases can lead to some feedback loops, meaning that the phases are repeated. This is part of the normal flow of the audit and is incorporated into the estimate.