We’re currently conducting two internal security analysis efforts, and intend to make the implementation proposal only once they are complete
We have been working with 3rd party companies to review security of all parts of the IC. We are considering whether parts related to ICP on canister should be a priority for the next round, but it takes time (weeks up to a few months) to slot in.
We are working on a bug bounty program
I’d guess sandboxing to take several months (meta: I’ll take the feedback from this thread as a vote to give it high priority)
Are we saying that the rollout plan is to be extended until the end of sandboxing? I.e. even if the vote passes, it is unlikely to have the code updated by the Week of September 27, 2021 (as per the timeline above)?
Our proposed plan is to not wait for sandboxing and roll out soon, but remind everybody that the IC is still in beta and recommend experimenting only with small amounts of ICP on canisters.
I understand you probably realise this, but isn’t the issue that some party over a long period of time, say 12 months, could find the owners of node providers and bribe them to run a different consensus mechanism. By shuffling you mitigate this long-term threat? Thanks.
Sandbox for canister wasm execution is under way. The primary difficulties are a) the architectural changes to make it performant and b) disentangling the canister API such that no security-critical operations remain in the sandboxed process. The focus for initial version being implemented right now is functional correctness, disregarding performance requirements for the sake of correctness validation at first, and will therefore in all likelihood never be launchable on production network. We are committed to having sandbox launched well within this year still. More details and updates will become available in the following weeks as prototypes and designs finish.