🗃️Statement of Work
The Statement of Work outlines the key terms of the agreement between the client and Coverage, ensuring both parties are aligned.
Overview
Each Statement of Work includes, but is not limited to, the following components:
Scope of Work
For Security Reviews and Fuzzing Campaigns, we will reference a selected commit hash of the codebase and the files within scope for analysis.
Deliverables
For Security Reviews, we will provide static analysis reports, architectural diagrams, tests produced during the review process, and a final report summarizing the identified vulnerabilities.
For Fuzzing Campaigns, we will deliver a list of identified invariants, a complete stateful fuzzing test suite built with Echidna, and a final report summarizing the vulnerabilities identified.
Timelines
For Security Reviews and Fuzzing Campaigns, the engagement will have a defined start date and end date, followed by a two-week fix review period during which the client can address identified vulnerabilities, with our support for validation and assistance as needed.
Engineering Team Breakdown
Each engineer assigned to the engagement will be listed in the Statement of Work, along with their respective roles in the project.
Client Responsibilities
Access and Resources: Ensure we have access to relevant repositories, documentation, and all necessary technical details that are essential for the engagement.
Timely Feedback and Communication: Provide prompt reviews and feedback on deliverables and maintain open communication throughout the engagement to address any questions or concerns.
Vulnerability Remediation: The client is responsible for deciding whether to fix, acknowledge, or not fix identified vulnerabilities during the two-week fix review period, which begins after the preliminary report is sent.
Price, Payment Schedule and Method
Price: The total cost for the engagement is based on the number and level of engineers assigned, as well as the estimated duration of the engagement.
Payment Schedule: Payments will be split into two installments. An initial payment of 50% is due upfront before the engagement starts. The final 50% is due upon completion of the engagement (excluding the fix review period for relevant services), with a 30-day window to finalize payment.
Payment Method: We accept payments in USDT or USDC via selected networks.
Once both parties have signed the Statement of Work, a dedicated private communication channel will be established for the engineering team and the client's team.
Last updated