Introducing Security Scores for 10,000+ Projects
3/29/2023

CertiK is excited to launch new security scores for Web3 projects. This innovative scoring system examines the real-time security posture of projects by analyzing important on-chain and off-chain data.

CertiK's scoring system covers a majority of Web3 projects that can be found on popular cryptocurrency tracking platforms like CoinMarketCap. Our methodology employs a weighted average of security measures to evaluate the security standing of Web3 projects. The evaluation is independently conducted regardless of a project's affiliation with CertiK, ensuring an objective scoring of all projects.


The security score is calculated by aggregating sub-scores from different signals, where a higher score indicates better performance in specific security measurements. We integrate over 15 signals that measure security performance across six security categories: Code Security, Fundamental Health, Operational Resilience, Community Trust, Market Stability, and Governance Strength:

  1. Code Security assesses the steps taken by teams to guarantee that the project’s code and development are secure and reviewed.

  2. Fundamental Health measures team and project transparency, structure, quality of documentation, and related indicators.

  3. Operational Resilience considers challenges the project may face and how it overcomes them through project progress and security response to operational risks.

  4. Community Trust measures the project's social engagement to evaluate its overall social health across platforms like Twitter, Telegram, and Discord.

  5. Market Stability considers a project’s ability to maintain a stable and predictable value over time without significant volatility or fluctuations.

  6. Governance Strength measures a project’s ability to operate in a decentralized manner in terms of decision making and distribution of token holders.

Signals are divided into two types: Manual and Automatic. Manual Signal Scores are determined by research analysts and security experts who evaluate factors such as the quality of the whitepaper, documentation, and more. The Manual Signal Score is periodically re-evaluated to reflect the most recent security posture of the projects. Automatic Signal Scores are calculated in real time by our underlying software and monitoring systems. Automatic Signals evaluate website cybersecurity, previous security incidents, on-chain activity, and other factors.

Here's a breakdown of some of the key variables we use to evaluate a project's security posture:

[Image: breakdown of key variables used to evaluate a project's security posture]

Once we have collected all the data, CertiK's team assigns varying levels of importance to different signals based on their severity or potential impact. This allows us to provide a comprehensive and independent assessment of a project's security posture. Each signal is integrated into the scoring system, and the final Security Score is determined by aggregating sub-scores from different signals.

Note that the Score's emphasis is solely on security and does not take into account other risk factors, such as compliance. We are constantly refining our scoring system and algorithms to ensure that we provide the most accurate and up-to-date security scores possible. Our system is publicly accessible free of charge, providing the Web3 community with a ranking percentile of all projects' aggregated signal scores in the system.

By providing accessible security scores for all projects, we aim to encourage teams and investors to strive for better security postures. Projects can minimize security risks and vulnerabilities through the use of our score, which is critical for protecting investors and users in the Web3 ecosystem.

If you're a project owner and would like to learn more about your security score, get in touch with our team. We offer support and steps to improve your project’s security posture.

Access security scores for Web3 projects on our Skynet platform at skynet.certik.com.
