Dimension 11: Operational Security
Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.
What We Measure
We assess the operational security practices surrounding a protocol's deployment and maintenance. Even perfectly written code can be compromised through operational failures — leaked keys, misconfigured deployments, or inadequate incident response. We analyze incident response speed and quality (historical and procedural), deployment hygiene (key management, access controls on deployment infrastructure), monitoring infrastructure and alerting capabilities, emergency action mechanisms and their activation history, key management practices (HSMs, multisig, geographic distribution), and the protocol team's demonstrated ability to respond to crises.
What Raises This Score
Professional security operations center (SOC) with 24/7 monitoring
Demonstrated incident response with fast, effective remediation
Hardware security modules (HSMs) for key management
Geographically distributed operational infrastructure
Published and tested incident response procedures
Immutable contracts (eliminate deployment key risk entirely)
CI/CD pipelines with integrity verification and access controls
What Lowers This Score
No public incident response documentation or procedures
Historical incidents with slow or inadequate response
Key management practices that are opaque or centralized
No monitoring infrastructure visible
Deployment keys that could be single points of failure
No emergency pause or circuit breaker mechanisms
Operational access not protected by multisig or time delays
Why This Weight
The 10% weight for Operational Security reflects that many real-world protocol compromises originate from operational failures rather than code bugs: leaked private keys, compromised deployment pipelines, or an inability to respond quickly to emerging threats. The weight acknowledges that opsec is a necessary complement to code security: perfect code with poor operational practices is still vulnerable.