Secure3

Secure3 is a battlefield where elite auditors compete to safeguard Web3 innovations against security threats.

Roles

  • Projects: sponsor the audit contest and reward the auditors who helped them secure their code

  • Auditors: securing the web3 ecosystem together as one community through collaborative audit contests

  • Secure3:

    • Working together with the projects to ensure the spending is optimized for the best security coverage through:

      • Continuous improvement on auditor matching mechanism

    • Working together with projects and auditors to ensure auditors' hard work is fairly evaluated and rewarded

      • Continuous improvement on the Incentive Model and Severity Standard that strives for community growth

Traditional Audits vs. Secure3

Traditional Audits

Secure3 Audit Contests

Fixed Cost: A high margin is paid to auditing firms' marketing costs and fixed salaries.

Flexible Cost: auditors from the community are scalable. Projects can customize audit contest plans based on requirements, timelines, and budget

Long Wait Time: quality audit firms often have a long wait queue, sometimes months long

Flexible Time: The audit contest can start within 24 hours

Limited Angles: A limited amount of auditors will examine your code. Big companies often just go through a checklist of routines

Diversified Coverage: 3-10x more auditors on each project. Often from different backgrounds and has to be creative to excel

Poor Incentive: No incentive to be creative and do extra out of routine. Defensive on mistakes, and stubborn in transparency

Great Incentive: Rewards are split based purely on performance. No findings no rewards.Maintaining a transparent standard and inclusive community is also the core interest of Secure3.

Bug Bounty vs. Secure3

Bug Bounty

Secure3 Audit Contest

Poor Incentive: Winner-takes-all, only one auditor will receive the reward for an issue, resulting in low engagement

Great Incentive: Rewards are split based on performance. No findings no rewards. Meanwhile, competition still provides auditors who discovered unique and creative findings the opportunities to excel

Short-term Engagement: Anyone can participate anytime

Auditor Matching: Only verified auditors with the most relevant background can participate

No Focus: Whitehats work on multiple projects, and only look at low-hanging fruit.

Dedication and Focus: An auditor is matched to one project at a time: have time and incentive to analyze your code from both security and business angles

Low Efficiency: high-quality findings overwhelmed by random submissions.

High Efficiency: Cross-examination and validation are conducted in-house to optimize turnaround time for you

How do we ensure ensure better audit quality?

To learn more about how Secure3 ensures better audit quality and efficiency, see the details in Projects.

Last updated