From 3c23d04b9222442da8c9d27a129d78dee306c8e8 Mon Sep 17 00:00:00 2001 From: chaals Date: Mon, 1 Jul 2024 18:28:45 +0200 Subject: [PATCH] Update README.md --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5557ba5c..cfed81a1 100644 --- a/README.md +++ b/README.md @@ -5,23 +5,28 @@ to enhance or clarify the status of the current content, and pointers will be ad [EEA EthTrust Security Levels Specification](https://entethalliance.org/specs/ethtrust-sl/), new SWCs are no longer being added, and readers should check external sources to clarify the relevance of existing content. -All the work in here was incorporated into the **[EEA EthTrust Security Levels specification v1](https://entethalliance.org/specs/ethtrust-sl)**. +All the vulnerabilities described in this repository were incorporated into version 1 of the **[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl)**, published in August 2022 The [EEA EthTrust Security Levels](https://entethalliance.org/groups/ethtrust) project is actively maintained. -The **[Editor's draft for a new version](https://entethalliance.github.io/eta-registry/security-levels-spec.html)** is publicly available, -is updated roughly every two weeks, and a formal release is expected to be published in Q4 2023 as version 2 of the specification. +The **[Editor's draft for a new version](https://entethalliance.github.io/eta-registry/security-levels-spec.html)** is publicly available. + +[EthTrust Security Leveles Version 2](https://entethalliance.org/specs/ethtrust-sl/v2) was published in December 2023, with publication of version 3 expected in early 2025. + +Another project that has been maintained over a number of years is the [Smart Contrat Security Verification Standard](https://github.com/ComposableSecurity/SCSVS). + +The EthTrust specification is specific to Solidity code, and aims to comprehensively identify vulnerabilities that need to be checked for, and if present eliminated. The SCSVS is a more general development guideline for security testing and remediation, applicable to a large range of projects. # Smart Contract Weakness Classification Registry The Smart Contract Weakness Classification Registry (SWC Registry) is an implementation of the weakness classification scheme proposed in [EIP-1470](https://github.com/ethereum/EIPs/issues/1469). It is loosely aligned to the terminologies and structure used in the Common Weakness Enumeration ([CWE](https://cwe.mitre.org)) while overlaying a wide range of weakness variants that are specific to smart contracts. -The goals of this project are as follows: +The goals of this project were as follows: - Provide a straightforward way to classify security issues in smart contract systems. - Define a common language for describing security issues in smart contract systems' architecture, design, or code. - Serve as a way to train and increase performance for smart contract security analysis tools. -## New SWC entries are not added since 2020 +## New SWC entries have not not been added since 2020 ### Scope of Weaknesses