The most consequential security failures in DeFi aren’t always about the code. Through many long-term, embedded partnerships with some of Solana's most critical projects, we've seen a consistent pattern: technically sound programs can still get undermined by misconfigured multisigs, weak access controls, and operational gaps that traditional audits don't cover.
Solana’s growth in TVL, protocol complexity, and institutional attention has made it an increasingly attractive target for sophisticated attackers. Along with the Solana Foundation, we are launching STRIDE (Solana Trust, Resilience and Infrastructure for DeFi Enterprises), a structured program for evaluating security posture across Solana projects.
How STRIDE Works
STRIDE defines requirements across eight pillars, giving protocols a clear baseline to measure and improve against.
Protocols are independently assessed against these requirements, with findings published publicly. This gives users, investors, and the broader ecosystem real transparency into the security posture of the protocols they interact with.
For protocols with more than $10M in TVL that pass their assessment, STRIDE will provide ongoing opsec and active threat monitoring, fully funded through Solana Foundation grants, with coverage calibrated to each protocol's risk profile. Through the program, protocols will be warned when suspicious activity is detected so teams can act before an incident escalates. Formal verification will also be available for protocols over $100M TVL.
Why We Built This
AR's work spans research, incident response, engineering, infrastructure, and even physical security. Across our engagements, we've seen that many serious security failures don't surface during audits. Instead, they stem from operational gaps and governance weaknesses.
Addressing these problems requires a systems-level response. Asymmetric Research and the Solana Foundation share the goal of making security infrastructure accessible to protocols at every stage, not just those with the resources to seek it out independently. Through this program, the highest-value protocols receive rigorous, ongoing protection, while smaller teams have a clear standard to build toward.
The Solana Incident Response Network
Alongside STRIDE, we're launching the Solana Incident Response Network (SIRN), a dedicated, membership-based network of security firms and researchers focused on protecting the Solana ecosystem.
Founding participants include Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow. Members share threat intelligence, coordinate response to active incidents, and contribute to the ongoing evolution of the STRIDE program, providing the ecosystem with dedicated, round-the-clock incident response capabilities.
We see SIRN as a long-term, collaborative effort. Membership will grow deliberately, extended to others who support STRIDE’s standards. As the ecosystem matures, so will the network. Security firms and researchers interested in joining SIRN can reach out at sirn@asymmetric.re.
What Happens Next
STRIDE is v0.1. We're starting with eight pillars and expect the program to sharpen quickly as real assessments inform it.
The Solana ecosystem has the talent, the infrastructure, and now a comprehensive security program to set a standard for the industry. We're honored to be building that alongside the Solana Foundation, our founding partners, and the broader community.
Security is a collective responsibility, and we're committed to seeing that reflected across every protocol on Solana.
Reviews are available starting today. We encourage projects to reach out via this form.