Solana Ecosystem

Security Control
Framework

A structured approach to evaluating the security posture of projects in the Solana ecosystem. Eight pillars, each scored on a four-point maturity scale — from Not Implemented to Advanced.

8 Security Pillars
40 Controls
4 Maturity Levels

Scoring System

Maturity Scale

Each control is scored on a four-point scale. Pillar scores average their underlying controls and map to a risk tier.

0
Not Implemented
The control is absent or entirely ad hoc
1
Basic
Initial implementation with significant gaps
2
Mature
Consistent implementation with minor gaps
3
Advanced
Comprehensive implementation with continuous improvement

Framework

Eight Security Pillars

Controls are organized into eight pillars, each targeting a distinct domain of the security posture.

P
5 controls

Program Security

Code review, external audits, bug bounties, defense-in-depth mechanisms, and automated security tooling
G
5 controls

Governance

Privileged roles, upgrade authority, timelocks, multisig configuration, and risk parameter controls
E
4 controls

Oracle & External Dependencies

Dependency mapping, oracle architecture, staleness handling, and blast radius containment
I
5 controls

Infrastructure

DNS and domain security, web application security, key management, off-chain services, and RPC
S
5 controls

Supply Chain & Release Process

Dependency pinning, branch protection, code review, signed releases, and CI/CD pipeline security
O
6 controls

Operational

Endpoint security, multisig operations, access management, communications, treasury, and inventory
M
5 controls

Monitoring & Incident Response

On-chain monitoring, circuit breakers, incident response playbooks, on-call, and security partners
L
5 controls

Logging & Alerting

Log coverage, collection and retention, normalization, detection rules, and alerting escalation