Please describe your proposed solution.

Common Criteria is a language for security requirements for software products recognized by the US, the EU and several other countries.

The developer must claim a level of Certification, to do this they need to write a Security Target and a Conformance Claim which are used by an independent auditor to evaluate the product and issue a certificate.

We will create a dApp component and its Security Target, which will be validated by the members of the Certification Working Group, which includes representatives of companies that are trusted with auditing software on Cardano.

This will allow Cardano developers to copy the process.

Please define the positive impact your project will have on the wider Cardano community.

Currently a dApp developer needs access to an expert in Formal Systems and Software Verification, which are rare and expensive skills.

This makes certifying their products inaccessible to many teams and slows down the ecosystem growth: for example CARDAX audit was valuated at 80000$ at Fund 8.

We will democratize this process and allow teams to develop a dApp at the lowest level of certification using JavaScript, which will lower skill centralization.

The long term effect is that there will be more trusted products developed by small teams in Africa, South America and developing countries

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Alex Seregin is an open source enthusiast with over 15 years of experience leading impact projects.

This work is validated by members of Certification Working Group which includes auditors and formal verification experts from MLabs, IOG and Tweag.

A prototype exists which needs improvement and documentation.

What are the key milestones you need to achieve in order to complete your project successfully?

This milestone covers the finalized source code for potential-robot, a simple architecture example of a dApp component in Helios using vesting smart contract as an example.

The following is needed:

• write the Conformance Claim
• Write the testing plan
• Write the tests
• Validate the tests.
• Refactor the code
• Document the code

To verify that the milestone is complete

the CI checks must pass on GitHub:

It has to be manually verified that the tests correspond to the test coverage plan and that the test coverage plan is described in the Security Target.

>This milestone covers writing the Security Target, for which the following is needed:

• research the existing STs
• research the existing Conformance Claims
• compile the data necessary to write the ST for potential robot
• write the ST
• validate the ST with the Certification Working Group

The security target is a document, which must be validated through a consensus mechanism in the Certification working group.

The consensus mechanism is described in the working group documentation repository.

>The final milestone covers writing the proposal and verifying:

• that the Conformance Claim in the Security Target covers the level of certification,
• the testing plan corresponds the requirements described in the Conformance Claim,
• the tests follow the testing plan,
• the tests are validated by the CI runner
• the document exists that describes this process to other developers.

Who is in the project team and what are their roles?

Aleksei Seregin is a programmer and an enthusiast in the Cardano Ecosystem.

https://www.linkedin.com/in/alex-seregin/

Certification Working Group is a community working group. The list of members of Certification working group can be found in the Working Groups discord server, link to which can be found in the working groups github repository, which is linked in this proposal.

Please provide a cost breakdown of the proposed work and resources.

1 x developer (24 weeks):

• Finalize the code base
• Research the Common Criteria
• Write the guide
• Write the documents
• Discuss with the Developer Experience working group
• Discuss with the Certification working group

How does the cost of the project represent value for money for the Cardano ecosystem?

The proposed project's cost represents value for money for the Cardano ecosystem by addressing critical security and usability concerns related to dApp development.

By investing in the development of a this project Cardano can provide good balance between accessibility and security to the developers.

Consider that we are making secure dApp development accessible to the users of JavaScripe, one of the largest dev communities that exists:

This fosters developer trust and confidence in Cardano.

Additionally, this improves Developer Experience on Cardano.

In essence, the project's cost translates into enhanced security, usability, and overall ecosystem stability, making it a sound investment for Cardano.