Milestone 4: Audit, Production Hardening, and 12 Months of Maintenance
- Estimated Delivery: begins after Milestone 3 and covers the following 12 months
- Focus:- take the reference DEX and settlement-pattern implementation from integration-ready to operationally maintainable, with external audit, remediation, and sustained support for adopters.
- Deliverables / Value Metrics:
- third-party security audit commissioned once Milestone 3 scope is stable and deployment-critical workflows are frozen
- published audit summary and remediation status
- closure or accepted-risk disposition for all critical and high-severity findings
- production hardening pass across the reference workflows
- examples: authorization review, cancellation paths, failure handling, replay/idempotency checks, and operator recovery procedures
- maintenance and support for 12 months after audit release
- security fixes
- compatibility updates for supported Canton / SDK / token-standard changes
- bug fixes for the published reference workflows
- public maintenance log or release notes covering fixes, upgrades, and workflow-impacting changes
- operator runbook for deployment, monitoring, upgrade, and incident handling
- documented support for external adopters using or evaluating the reference
| Milestone |
Description |
Compensation |
| Milestone 4 |
Audit and maintenance for 12 months |
200,000 CC upon committee acceptance + Audit cost which will be submitted for approval once Milestone 3 is completed |
Originally posted by @pedrodneves in #108 (comment)
Milestone 4: Audit, Production Hardening, and 12 Months of Maintenance
Originally posted by @pedrodneves in #108 (comment)