The sec3 Master Plan is a four-step plan to make sec3 a decentralized end-to-end security solution provider for DApps in the growing Web3 economy. The plan includes building strong point solutions such as Launch Audits and WatchTower, expanding and building a full suite of solutions to cover the full DApp lifecycle, adding token economics to benefit from decentralization and community creativity, and leveraging sec3's reliable solutions to offer risk-based insurance solutions.
A DApp’s life cycle has multiple stages, and each stage has its own security challenges. Security demands applying a holistic approach to the whole DApp life cycle, and end-to-end solution provider means meeting those security challenges at each and every point along the DApp lifecycle, from concept design, coding, testing, and deployment, all the way to operating and maintaining a deployed protocol securely.
- Step 1: Build a few strong point solutions - Launch Audits, X-Ray and WatchTower.
- Step 2: Expand and build out a full suite of point solutions to cover the full DApp lifecycle, and make these point solutions work seamlessly together.
- Step 3: Decentralize security to the community via a token, to solutions that can benefit from decentralization and community creativity.
- Step 4: Leverage sec3’s reliable solutions in each and every step of the DApp lifecycle to offer risk-based insurance solutions.
Step 1 - Establish A Few Strong Point Solutions
- On the security service side: Continue to build the sec3 Launch Audit business and expand it to across multiple chains. Focus on the service quality, making it sec3’s No. 1 priority in Launch Audits. Expand the service scope, and add more service features to make it more sticky and provide more benefits to DApps.
- On the security product side: 1) Continue to build a post-deployment security solution centered on sec3 WatchTower, a real-time security monitoring solution, and sec3 CircuitBreaker, a real-time solution to stop and arrest malicious attacks, sec3 team has built a solid infrastructure, and some well received bots around a few use cases. The next step is to expand to more use cases with customers; 2) Expand the capacity of sec3 X-Ray: continue to refine the analysis engine behind X-Ray, and add more “signatures” to cover more types of security vulnerabilities. Provide more ways for X-Ray to be seamlessly integrated with the smart contract development process; 3) Expand to cross-chain.
- Audit is an important point solution, and adds a lot of value to many DApps as they prepare to launch on main-net. However, manual audits are not the endpoint solution, because it is not scalable compared to software solutions and is inconsistent in quality across auditors or even within a specific audit team; However, it still adds a lot of value to clients when other solutions are developed, and can get sec3 closer to customers, to learn about their security challenges and to gain insights on how to best address them.
- The space for post-deployment security is important, and is still a new and emerging field. The need to keep funds safe is acute once smart contracts are on-chain. Taking the lead in this space will establish sec3 as a go-to firm for DApp security
- Source code development is an entry point for a web3 protocol life cycle. X-Ray is adding value to clients both at this entry point, and as an incremental scanning tools integrated with the development process, e.g. Github pull request. It can be a good starting point for customers to get to know sec3’s products and services, and be used as a distribution channel for other products and services. sec3 will continue to iterate and refine X-Ray, to make it more capable and better integrated, to maintain the strong position.
Step 2 - Provide End-To-End Solutions
Step 2 aims to leverage the stronghold point solutions already in place, to add more solutions to further strengthen sec3’s value to customers, and deliver strong results to make web3 protocols secure.
Security demands a holistic approach. The added solutions not only bring specific benefits on their own, but also generate additional benefits by seamlessly working with each other as a team. I.e. end-to-end total solution.
- Fuzzer and Pen Test solution for smart contracts. This is a priority because software testing has been one of the most reliable and widely adopted solutions for security and software quality. The definiteness of the testing results is almost unbeatable.
- Build an automatic logging solution that works together with WatchTower and CircuitBreaker.
- Build a formal verification framework and the associated consulting practice.
Step 3 - Decentralized Web3 Security
By the end of this stage, not only sec3 offers a full suite of security solutions that cover every aspect of a DApp’s lifecycle and activities, but many of the solutions or bundles of such solutions are also decentralized, applying token economics to incentivize engagement and contribution from wide community participants.
In this step, we aim to prioritize decentralizing solutions where decentralization and token economics can add the most value.
- Create mechanisms for community contributors and DApp themselves to create WatchTower Bots and get economic benefits for making it available to other DApps.
- Create mechanisms for community contributors and DApp themselves to create X-Ray “signatures” and get economic benefits for making it available to other DApps.
- Create mechanisms for chain validators to run a plugin from sec3, incentivized by sec3 token, to filter out malicious transactions before reaching the consensus voting stage.
- Create a fully functional test-net where all sec3 point solutions can be used to stress test protocols, the test-net is run on and incentivized by a sec3 token.
Step 4 - Provide Risk-based Insurance
Beyond Step 3, if sec3 can have a good way to manage security risk in every step of the way in DApp’s lifecycle, especially given that WatchTower plus CircuitBreaker can reliably stop malicious attacks, sec3 will be in a best position to offer risk based insurance solutions to smart contracts, with token economics implemented.