wording

next.config.js

@@ -36,13 +36,13 @@ module.exports = {
       },
       {
         source: '/docs/embedded-app/external-dev',
-        destination: '/docs/device-app/deliver/references',
+        destination: '/docs/device-app/deliver/partners',
         permanent: true,
       },
 
       {
         source: '/docs/device-app/getting-started/external-dev',
-        destination: '/docs/device-app/deliver/references',
+        destination: '/docs/device-app/deliver/partners',
         permanent: true,
       },
       {
@@ -57,12 +57,12 @@ module.exports = {
       },
       {
         source: '/docs/embedded-app/security-audit',
-        destination: '/docs/device-app/deliver/references',
+        destination: '/docs/device-app/deliver/partners',
         permanent: true,
       },
       {
         source: '/docs/device-app/submission/security-audit',
-        destination: '/docs/device-app/deliver/references',
+        destination: '/docs/device-app/deliver/partners',
         permanent: true,
       },
       {

pages/docs/device-app/_meta.json

@@ -1,7 +1,6 @@
 {
-    "introduction": "I. Introduction",
-    "choose": "II. Choose",
-    "develop": "III-IV. Develop & Test",
-    "deliver": "V. Deliver",
-    "architecture": "VI. References"
+    "introduction": "Introduction",
+    "develop": "Develop & Test",
+    "deliver": "Deliver",
+    "architecture": "References"
 }

pages/docs/device-app/deliver/_meta.json

@@ -3,5 +3,5 @@
     "deliverables": "Deliverables",
     "submission-form": "Submission",
     "maintenance": "Maintenance",
-    "references": "References"
+    "partners": "Partners"
 }

pages/docs/device-app/deliver/deliverables.mdx

@@ -5,6 +5,10 @@ import { Cards, Card } from 'nextra/components'
 Your application is ready to be submitted! In this section you will find the last details on the delivarables that are required for your submission to be accepted.
 
 <Cards>
+  <Card
+    title="Security Audit"
+    href="./deliverables/security-audit"
+  />
   <Card
     title="Icons"
     href="./deliverables/icons"

pages/docs/device-app/deliver/deliverables/_meta.json

@@ -1,4 +1,5 @@
 {
+	"security-audit": "Security Audit",
 	"icons": "Icons",
 	"ui-flow-video": "Demo",
 	"documentation": "Documentation",

pages/docs/device-app/deliver/deliverables/security-audit.mdx

@@ -0,0 +1,60 @@
+---
+title: Security Audit
+description: 
+---
+
+import { Callout } from 'nextra/components'
+
+# Security Audit
+
+## Introduction
+
+To be listed on the Ledger Live “My Ledger“ section, Device Apps and Plugins must go through our integration process that includes a security audit performed by one of our trusted partners.
+
+Provided your project fulfills the [conditions](#conditions), this is how an external audit unfolds:
+1. You get in touch with the auditers and sign a contract with them. [Read more](../partners#security-audit-your-agreement-with-our-partners).
+2. The auditors review your app based on Ledger specifications. [Read more](#content-of-the-security-audit).
+3. Ledger reviews the security audit report
+4. Ledger publishes your app
+
+<Callout type="warning" emoji="⚠️">
+    The security audit is mandatory for an application to be available on our production providers (accessible by
+    default from the LedgerLive). However it is possible to deploy without security audit on other providers, for test
+    purposes. However, the application [will need to display a warning message when starting](../process#release-types).
+</Callout>
+
+<Callout type="warning" emoji="⚠️">
+    <ul>
+        <li>Do not start a security audit process if your Device App is not ready for all Ledger devices (Ledger Nano S, S Plus, X and Stax).</li>
+        <li>Your Device App must still be functional after the security audit </li>
+    </ul>
+</Callout>
+
+
+## Conditions
+
+To go through an external security audit, ensure your project fulfills the following conditions:
+
+- Your Device App works with all our devices (Ledger Nano S, S Plus, X and Stax)
+- Your Device App has been functionally validated by Ledger team
+
+<Callout type="warning" emoji="⚠️">
+    <ul>
+        <li>Do not start a security audit process if your Device App is not ready for all Ledger devices (Ledger Nano S, S Plus, X and Stax).</li>
+        <li>Your Device App must still be functional after the security audit </li>
+    </ul>
+</Callout>
+
+## Content of the security audit
+
+Ledger has established and made public a detailed specification of what needs to be done to perform a security audit following Ledger’s standards.
+
+|          Step          |         Specification                                              |
+| ---------------------- | ------------------------------------------------------------------ |
+| Application privileges | Check application flags (privileges) and allowed derivation paths. |
+| Compilation            | Check for compilation warnings, and if warnings have been silenced. If so, ask for a fix. |
+| Tests                  | Run tests and check they succeed / Check tests are sound.           |
+| Static Analysis        | Check for defects using scan-build and our scan options. Add in CI if not present / CodeQL: check with the "security and quality" queries. Add in CI if not present. |
+| Manual code review     | List every transaction fields. Look which ones must be displayed to the user / Check transaction parser, field formatters / Check if sensitive data is properly erased / Do not allow blind signing. |
+| Fuzzing                | Implement a transaction fuzzer. Best effort to reach decent coverage / Use libFuzzer if possible to integrate with ClusterFuzzLite. |
+| Deliverables           | Report and executive summary detailing findings, and tests that gave no results / Security fixes: on a temporary private fork / Feedback on the SDK: what could be improved for a better security. |

pages/docs/device-app/deliver/submission-form.mdx

@@ -42,7 +42,7 @@ Please make sure you have understood what is expected. You may use this list as
 #### 2 - Security
 
 - I have met the [security requirements](../develop/requirements/security)
-- The application went through a security audit
+- The application went [through a security audit](./deliverables/security-audit)
 - All vulnerabilities have been fixed
 
 
@@ -94,19 +94,25 @@ Please make sure you have understood what is expected. You may use this list as
 - Postal address
 - Email address
 
-#### 2 - Plugin
+#### 3 - Security
+
+- I have met the [security requirements](../develop/requirements/security)
+- The application went [through a security audit](./deliverables/security-audit)
+- All vulnerabilities have been fixed
+
+#### 4 - Plugin
 
 - Plugin source code (GitHub repository)
 - Two icons for the Ledger Stax, Nano and for "My Ledger" in Ledger Live, in PNG or GIF
  (see [Icons](./deliverables/icons/))
 - Link of the DApp working with the plugin
 
-#### 3 - Support
+#### 5 - Support
 
 - I have read the [support page](./deliverables/support)
 - Main support contact (mail address, Slack/Reddit/Telegram/Discord communities)
 
-#### 4 - Warranty and liability
+#### 6 - Warranty and liability
 
 - I have read and agree with information laid out the [warranty and liability disclaimer](./deliverables/legal/)
 

pages/docs/device-app/develop/requirements/security.mdx

@@ -73,63 +73,6 @@ To implement this requirement it is recommended to have a setting menu with the
 
 You can find implementation example inside [Ethereum](https://github.com/LedgerHQ/app-ethereum), [Solana](https://github.com/LedgerHQ/app-solana) or [Elrond](https://github.com/LedgerHQ/app-elrond) code base.
 
-
-## Security Audit
-
-
-### Introduction
-
-To be listed on the Ledger Live “My Ledger“ section, Device Apps and Plugins must go through our integration process that includes a security audit performed by one of our trusted partners.
-
-Provided your project fulfills the [conditions](#conditions), this is how an external audit unfolds:
-1. You get in touch with the auditers and sign a contract with them. [Read more](../references#security-audit-your-agreement-with-our-partners).
-2. The auditors review your app based on Ledger specifications. [Read more](#content-of-the-security-audit).
-3. Ledger reviews the security audit report
-4. Ledger publishes your app
-
-<Callout type="warning" emoji="⚠️">
-    The security audit is mandatory for an application to be available on our production providers (accessible by
-    default from the LedgerLive). However it is possible to deploy without security audit on other providers, for test
-    purposes. However, the application [will need to display a warning message when starting](../process#release-types).
-</Callout>
-
-<Callout type="warning" emoji="⚠️">
-    <ul>
-        <li>Do not start a security audit process if your Device App is not ready for all Ledger devices (Ledger Nano S, S Plus, X and Stax).</li>
-        <li>Your Device App must still be functional after the security audit </li>
-    </ul>
-</Callout>
-
-
-### Conditions
-
-To go through an external security audit, ensure your project fulfills the following conditions:
-
-- Your Device App works with all our devices (Ledger Nano S, S Plus, X and Stax)
-- Your Device App has been functionally validated by Ledger team
-
-<Callout type="warning" emoji="⚠️">
-    <ul>
-        <li>Do not start a security audit process if your Device App is not ready for all Ledger devices (Ledger Nano S, S Plus, X and Stax).</li>
-        <li>Your Device App must still be functional after the security audit </li>
-    </ul>
-</Callout>
-
-### Content of the security audit
-
-Ledger has established and made public a detailed specification of what needs to be done to perform a security audit following Ledger’s standards.
-
-|          Step          |         Specification                                              |
-| ---------------------- | ------------------------------------------------------------------ |
-| Application privileges | Check application flags (privileges) and allowed derivation paths. |
-| Compilation            | Check for compilation warnings, and if warnings have been silenced. If so, ask for a fix. |
-| Tests                  | Run tests and check they succeed / Check tests are sound.           |
-| Static Analysis        | Check for defects using scan-build and our scan options. Add in CI if not present / CodeQL: check with the "security and quality" queries. Add in CI if not present. |
-| Manual code review     | List every transaction fields. Look which ones must be displayed to the user / Check transaction parser, field formatters / Check if sensitive data is properly erased / Do not allow blind signing. |
-| Fuzzing                | Implement a transaction fuzzer. Best effort to reach decent coverage / Use libFuzzer if possible to integrate with ClusterFuzzLite. |
-| Deliverables           | Report and executive summary detailing findings, and tests that gave no results / Security fixes: on a temporary private fork / Feedback on the SDK: what could be improved for a better security. |
-
-
 ## Nice to have: CodeQL
 
 In order to increase code security, use static analysis based on [CodeQL](https://codeql.github.com/docs/) to perform security checks.

pages/docs/device-app/introduction.mdx

@@ -87,7 +87,7 @@ For the Apps written in Rust, a Rust SDK is still work in progress
 
 ## Documentation version
 
-The current version of the Device App documentation displayed on the Developer Portal is **v03.2_20230627**.
+The current version of the Device App documentation displayed on the Developer Portal is **v04_20240126**.
 
 
 ## Contributing