STRIDE Security Program: The Solana Foundation has introduced a new structured security program, Solana Trust, Resilience and Infrastructure for DeFi Enterprises (STRIDE), that supports higher security levels across the entire Solana ecosystem. STRIDE will fill a major void in security by enabling assessments of prior audits by identifying the various gaps that exist with regard to the configuration and controls of multisig wallets, lack of operational processes, etc.
How STRIDE Security Program Functions
STRIDE will have eight core security pillars, and we will evaluate protocols for compliance with these pillars using independent assessments, which will be posted publicly for users/investors to gain visibility into the application’s security status. Protocols with more than USD 10 million in total value locked (TVL) that pass assessment will receive ongoing Operations Security (OPSEC) and active threat monitoring funded through STRIDE with grants from the Solana Foundation. The level of funding (insurance) will align with each protocol’s risk factor, with the highest value protocols receiving the greatest measure of security.
Protocols managing as much as USD 100 million in TVL will additionally receive formal verification funding through the STRIDE Security Program using mathematical proof methods that assure smart contract integrity by testing all possible states and execution paths. Such high level assurances are critical for the large decentralized finance (DeFi) applications, as a single exploit could have catastrophic results.
The SIRN: Solana Incident Response Network
The Foundation has announced a new group of Security firms and Security researchers, known as the Solana Incident Response Network (SIRN), designed specifically for the protection of the Solana ecosystem. Initial participants include Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow. All members of the SIRN will collaborate on the sharing of Threat Intelligence, coordination of incident responses to existing incidents, and development of the STRIDE Framework. This, combined with the STRIDE initiative, will provide the Solana ecosystem with 24/7 Incident Response capabilities.
Importance of STRIDE Security
The Solana Ecosystem has seen explosive growth in TVL, tech integrations, protocol complexity, and institutional attention, making it an increasingly attractive target for sophisticated attackers, as with the latest DRIFT Protocol hack. But, combining the above with the shift from the current state of reactive Incident Response to a standardised proactive defense with the STRIDE Security Program, where security services are made available to qualifying protocols at zero cost, will allow the Foundation to create a baseline expectation that security is not a competitive advantage, but rather the baseline of any protocol.
