Summary
This is a Japanese working translation prepared to support SIPO DRep review. For the authoritative content, refer to the English original on Hydra Voting.
STAG is an 18-month continuous red team / adversarial security assurance proposal that cross-cuttingly examines UPLC, compiler toolchains, ledger rules, consensus, P2P networking, wallet interfaces, and mainnet performance monitoring as Cardano moves into the multi-client, Leios and L2 era. QuviQ, PNSol, Well Typed and Ensurable Systems are involved, and critical findings are to be responsibly disclosed to the Security Council and other relevant parties within 24 hours. As SIPO, we rate its importance as a security public good highly, but we need to confirm the overlap with IO Maintenance and similar efforts, its independence as a red team, the priority of WP7 monitoring, and the checkpoint KPIs that DReps can verify.
English original
This programme exists because no other programme does. Cardano is now a multi-client blockchain. Amaru is enacted; Dingo and Gerolamo are in active development; Leios will introduce further implementation surface. Wherever two independent implementations handle a consensus edge case, a state transition, or a mini-protocol message differently, an exploitable inconsistency exists — invisible to any review examining a single node. That is the class of vulnerability STAG is built to find.

STAG is an independent, continuous red team programme for the full Cardano protocol stack: UPLC smart contract execution, compiler toolchains, ledger rules, consensus, peer-to-peer networking, wallet interfaces, and mainnet performance monitoring. All critical findings are reported within 24 hours under responsible disclosure to the Security Council and relevant development teams.

The programme costs $1,972,622 over 18 months — approximately $110,000 per month for continuous, full-stack adversarial analysis by the original protocol architects, across four independent organisations: QuviQ AB, Predictable Network Solutions, Well Typed LLP, and Ensurable Systems. Community opt-out checkpoints at Month 6 and Month 12 give DReps oversight throughout without locking in an 18-month commitment from day one.

Community treasury funding — not IOG, the Cardano Foundation, or Intersect — is the structural basis of STAG's independence. An adversarial security team whose funding runs through the institutions whose code it tests faces pressures that compromise adversarial thinking. Community funding removes those pressures. All deliverables are dedicated to the public domain under CC0. The sandboxed AI tooling infrastructure is handed over to Intersect at programme end for use by any successor programme.