Introduction to N-SCOSS Rating

I. Overview

N-SCOSS is a score from 0 to100 measuring the code security based on five perspectives which are correlated to either the likelihood of an occurrence of a hack, bug or exploit (hereafter “attacking event”) or its severity. A higher N-SCOSS Rating reflects a rather secure evaluation result on a project’s safety based on our assessment standard. These perspectives are the key components of N-SCOSS, therefore named “Pillars”, symbolised by N_i. These pillars are further subdivided into several separately analysed rating factors, symbolised by N_(i,j). Weights are assigned to each pillar and each rating factor to quantify its relevance towards the code’s security.

II. Methodology

A selection of factor groups logically impacting the code security was first selected. By mapping historical hack events data to those selected rating factors, we are able to analyse whether they are correlated or not. Only those significantly correlated factors are included in the calculation of N-SCOSAS.

III. Five Pillars

The five pillars and their sub-factors composing N-SCOSAS are as below.

  • Project age
  • Past exploits (if any)
  • Team anonymity
  • Team experience in programming
  • Total value locked
  • Industry segment
  • Infrastructure
  • Audit transparency and scope
  • Audit findings
  • Audit firm trust score
  • Other credits
  • Documentation
  • Test
  • Bug bounty program
  • Issues raised on Github

IV.Future improvement

1. To include adjustment factor
A Comprehensive Adjustment between -0.2 to +0.2, symbolised in the formula as A_1, is to be included in N-SCOSAS to credit for strengthening or penalising the weakness/robustness that may not have been captured within the 5-pillar structure. This may result due to innovation or increase in complexity on the average protocol complexity over time.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nsure.Network

Nsure.Network

Open Insurance Platform for Open Finance