Add Figment to SaaS products [Closes #11160, Closes #12693]

[wackerow]

Description

• Adds Figment to SaaS products

Related Issue

• Closes Figment addition to Staking as a Service Ethereum Website (https://ethereum.org/en/staking/saas/) #11160
• Closes Figment staking as a service  #12693

[wackerow]

@ivanszeftel To fit our theming, made some adjustments with the logo so let me know if this looks acceptable for you

[wackerow]

@ivanszeftel ^ Does this look okay?

Just noting the theming, black isn't used anywhere... if we just use the F it will kinda look like "F Figment", hence the approach above with a opacified background.

[bturner200]

Hey @wackerow - stepping in for Ivan here as he is no longer at Figment. This logo looks all good, thank you!

[wackerow]

@ivanszeftel As noted, this is from it being private

[wackerow]

@ivanszeftel As noted, this is from them not being publicly available

[wackerow]

@ivanszeftel As noted, this is from it being private

For safety reasons, the access to the validator private keys (signing keys) is strictly limited to the service.

[wackerow]

@ivanszeftel This won't end up affecting anything, since anything over 1 year is weighted the same, but you mentioned "mid 2021" which didn't let me zero it in on the exact date, so I just defaulted to the end of that year. Please feel free to update to proper date or more accurate month if you'd like; supporting evidence always appreciated =)

[wackerow]

Hey @ivanszeftel, left a couple comments for you and just had a question to make sure the logo was okay since we adjusted to match site styling.

I marked this PR as draft to at least allow you to take a peak and make sure this looks okay then we can bring it in.

[gatsby-cloud]

✅ ethereum-org-website-dev deploy preview ready

• Deploy preview
• Build logs · 33m build time

[ivanszeftel]

Hello @wackerow,

What is the definition of execution diversity?

I have some comments about the bug bounty and the audit, please let's hold on to publishing this until I come back with the details.

Regarding the logo can we use this colour instead for the background #092B28 so it would look as the image attached?

[wackerow]

@ivanszeftel Execution diversity defined as:

Will await bug bounty/audit information.

The logo is tricky because of the theming on those pages... they're all monochromatic and don't use color. The backgrounds all use the same saturation/luminance, and only the hue is adjusted to give them a similar look/feel. cc: @nloureiro Any suggestions here?

[nloureiro]

@ivanszeftel do you have a monochromatic version of the brand.

Maybe just the F inside a square?

I did find this on the staking event page, but it's your full logo. Should we use it?

[ivanszeftel]

Hello @wackerow,

Please find below Figment's updated response.

Audit
Figment's commitment to security assurance is top priority. Figment has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type 2 requirements.
Figment has received certification from an independent auditor for compliance with ISO/IEC 27001:2013, a security management standard for information security management systems (ISMS) and their requirements. Our ISO 27001 certificate is available to download here: https://trustpage.figment.io/resources/MjY5MjBhMDctOTdjOS00ZTAzLTg1N2UtMmE1ZTYzODRhZjk3

Penetration Testing
Figment identifies and mitigates risks through regular network and application, external and internal security testing conducted by a certified Red Team.
Figment will make the SOC 2 audit and penetration testing reports available to current or potential customers upon the execution of a non-disclosure agreement.

Bug Bounty
Figment welcomes reports from third-party security researchers and their help in making its services and platforms more secure. Our bug bounty program is published on our public website at https://figment.io/responsible-disclosure/. Anyone can reach out to bug.bounty@figment.io to request access to the program.

Client Diversity
At Figment, we leverage both Teku/Erigon and Lighthouse/Geth as our consensus and execution clients. In steady situations, where client performance is on par, we strive for an equilibrium - i.e. 50/50 - between different clients. Our architecture allows us to monitor client performance across all of our nodes and enables us to be agile in migrating clients (not the validators) to achieve optimized performance. This nimbleness ensures our prompt response to any unexpected events, safeguarding the interests of our customers.

Self Custody
Customers always maintain absolute self-custody of their withdrawal keys. Figment never requests or retains access to these keys.
Figment safeguards validators keys to prevent any inadvertent sharing of private keys, which could potentially expose customers to double-signing risks and slashing of their staked ETH.
Our customers are provided access to encrypted pre-signed exit transactions (PSETs). This allows the customers for secure validator exits without relying on Figment’s infrastructure. The encryption keys for these transactions are generated by the customers and are held in their custody. Our self-serve customers can access this feature upon request.

Let me know if our updated response is clear enough to change the red for a green checkmark on Bug Bounty, Audited, and Client Diversity.

Regarding the logo, we do have a monochromatic version, please find it attached.

[wackerow]

Although I appreciate the clear focus on security checks, the indicators listed for this site focus on the public availability of the reports that users can view. We're not currently set up to discern the validity or reputation of any certifications.

For client diversity, if you keep things at at 50/50 split with some fluctuation, that seems reasonable to me to put 50% for these (I pushed a patch).

Self Custody:

This one is tricky because per our current definition the user would still not quite have full access to their keys, and would be reliant on the PSET. To my recollection, I thought these were dependent on the current fork of network upgrades, so if there is any chance the PSET would potentially not work for the user in the future, I'd want to make sure that's clear.

^ I raised a new issue (#11405) to further discussion on this. In the meantime I don't think we should adjust this too quickly, but if discussion supports I don't have a problem with updating and adjusting this listing.

@ivanszeftel Let me know if you're comfortable with moving this forward or if you'd prefer to wait on discussion in the mentioned issue.

[wackerow]

Hey @ivanszeftel! Just circling back and touching base here... Let us know how you'd like to proceed, thanks!

[wackerow]

Hey @ivanszeftel, friendly ping on this. If we don't hear back we can close this out until further word

[wackerow]

Closing this out for now; @ivanszeftel please @ me if you decide you'd like to pursue this, thanks!

[netlify]

✅ Deploy Preview for ethereumorg ready!

Name	Link
🔨 Latest commit	ea57797
🔍 Latest deploy log	https://app.netlify.com/sites/ethereumorg/deploys/6627be60b3af940008cf2808
😎 Deploy Preview	https://deploy-preview-11241--ethereumorg.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 31 Accessibility: 93 Best Practices: 92 SEO: 100 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[bturner200]

Hey @wackerow - all good to proceed here and can switch it out of draft to "ready for review" - thanks!

[bturner200]

Hi, when reviewing the page noticed that "Figment" is not checked green for:
AUDITED
BUG BOUNTY
PERMISSIONLESS
SELF CUSTODY

could you please edit this as these should be green checks? The documentation was provided above in the request, but let me know if there is anything else I can provide