
Conference Talk Accelerate 25

Scale or Die 2025: Designing Holistic Security Programs

By Solana 🧭 Compass · May 20, 2025 · 7 min read

Learn why boring security practices are crucial for crypto project success and longevity

The notes below are AI-generated and may not be 100% accurate. Watch the video to be sure!

In a groundbreaking presentation at the Accelerate conference, Jonathan Claudius, co-founder and CEO of Asymmetric Research, challenges the crypto industry's "move fast and break things" mentality. His message? Embrace boring security practices to ensure long-term success and avoid catastrophic failures.

Summary

Jonathan Claudius, speaking from his experience working with high-stakes crypto projects, emphasizes the importance of building holistic security programs. He argues that while the crypto space often demands speed and aggression, projects that survive in the long run are those that choose "boring" approaches in finance, operations, and security.

Claudius introduces the concept of "defense in depth" as a key principle in building robust security programs. This approach involves layering imperfect security measures to create a unified defense, reducing the risk of catastrophic failures. He warns against common pitfalls such as postponing security considerations until late stages of development or relying too heavily on external audits and bug bounties.

The presentation highlights the need for a shift in mindset, encouraging projects to incorporate security considerations early in the design process. Claudius provides examples of successful implementations, including Solana's Firedancer client and the Wormhole cross-chain bridge, demonstrating how early security design decisions can provide long-term benefits without sacrificing innovation or speed.

Key Points:

The Importance of Boring Security Practices

Claudius begins his presentation with a counterintuitive ask: to be boring. In the fast-paced world of crypto, where innovation and speed are often prioritized, this request stands out. However, Claudius argues that choosing boring approaches in finance, operations, and security is what allows projects to truly go the distance.

This doesn't mean a lack of ambition or innovation. Instead, it represents a resistance to chaos and an aversion to variance. By making fewer irrecoverable bets, projects preserve long-term value. Claudius compares this approach to seatbelts or the safeguards on roller coasters: boring, but essential for safety, and they take nothing away from the ride.

Defense in Depth: A Layered Approach to Security

A core principle discussed in the presentation is "defense in depth." This concept involves adding layers to security programs that, while imperfect individually, form a unified and robust defense when combined. The idea is to plan for failure at every stage, reducing the volume and impact of bugs as the project progresses.

Claudius emphasizes that implementing defense in depth early in the development process can actually serve as an accelerant for projects. By addressing potential security issues in the design phase, teams can move forward with greater confidence and avoid costly fixes later in the development cycle.

Common Pitfalls in Crypto Security

The presentation highlights several "security smells" or anti-patterns that can compound risk and hinder progress:

  1. Security as Performance: Projects that focus on the appearance of security (e.g., partnership announcements) without implementing substantive measures.
  2. Misaligned Investment: Inadequate budgeting for security, mismatched audit scopes, or failure to diversify security reviews.
  3. Outsourced Hope: Launching bug bounties before conducting internal reviews, leading to potentially catastrophic discoveries late in the development process.

Claudius warns that these practices can lead to a false sense of security and accumulation of technical debt, making it increasingly difficult for projects to make meaningful progress over time.

Real-world Examples of Effective Security Design

To illustrate the benefits of early security integration, Claudius presents two case studies:

  1. Firedancer: Solana's new client, written in C, implements a sandbox for every tile in its architecture. This design decision guards against the remote code execution risks inherent in C programming, allowing the team to innovate with confidence.
  2. Wormhole: This cross-chain bridge implemented a "governor" system, essentially a rate limiter for notional value. This feature constrains the potential damage from security issues in connected chains, providing operational flexibility and risk mitigation.

These examples demonstrate how early security considerations can provide durable value without impeding innovation or speed.

Facts + Figures

  • Asymmetric Research works with some of the highest stakes projects in crypto
  • Defense in depth is a key principle in building robust security programs
  • Ignoring security until late stages can result in very low ROI
  • Talent scarcity in the crypto space makes comprehensive security challenging
  • Misaligned investment in security can lead to overpaying or under-scoping work
  • Launching bug bounties before internal reviews can be detrimental
  • Firedancer, Solana's new client, is written in C and implements a sandbox for every tile in its architecture
  • Wormhole, a cross-chain bridge, implemented a "governor" system to limit potential damage from security issues

Top quotes

  1. "I want to ask you to be boring. And I know that I can feel like a very atypical ask here at a conference called Accelerate."
  2. "You will burn through your treasury trying to manage bug bounties at a rate that you wouldn't have expected."
  3. "We want to help you build resilient, composable, and yes, a little boring."
  4. "Security is a bit of a slippery slope, right? If we ignore it too late and we wait too late in the process, we end up too steep on the edge of this curve."
  5. "Defense in depth is actually what's going to allow us to move fast with confidence."
  6. "This is not about being slow or unimaginative. This is about building with intention and with discipline."
  7. "I want you to ship and not die. And I want you to survive. I want you to outlast."

Questions Answered

Why is it important for crypto projects to focus on "boring" security practices?

Boring security practices are crucial for crypto projects because they help preserve long-term value and reduce the risk of catastrophic failures. By implementing robust, layered security measures from the early stages of development, projects can move forward with greater confidence and avoid costly fixes or irreparable damage later on. This approach allows for innovation and speed while providing essential safeguards against potential threats.

What is "defense in depth" and why is it important in crypto security?

Defense in depth is a security approach that involves implementing multiple layers of security controls to protect a system. In crypto security, this means adding various security measures that, while individually imperfect, create a strong unified defense when combined. This approach is important because it plans for potential failures at every stage, reducing the overall risk and impact of security issues. By implementing defense in depth early in the development process, projects can actually accelerate their progress with greater confidence.

What are some common pitfalls in crypto security programs?

Common pitfalls in crypto security programs include focusing on the appearance of security rather than substantive measures, misaligning security investments (such as inadequate budgeting or mismatched audit scopes), and outsourcing hope by launching bug bounties before conducting thorough internal reviews. These practices can lead to a false sense of security, accumulation of technical debt, and potentially catastrophic discoveries late in the development process. Avoiding these pitfalls requires a holistic approach to security that starts from the earliest stages of project design.

How can early security considerations benefit crypto projects?

Early security considerations can provide numerous benefits to crypto projects. By addressing potential security issues in the design phase, teams can build more robust systems from the ground up, reducing the need for costly fixes later in development. This approach allows projects to move forward with greater confidence, knowing that fundamental security measures are in place. Examples like Solana's Firedancer client and the Wormhole cross-chain bridge demonstrate how early security decisions can provide long-term value without impeding innovation or speed.

What is the "governor" system implemented by Wormhole, and why is it important?

The "governor" system implemented by Wormhole is essentially a rate limiter for notional value in cross-chain transactions. This feature is important because it constrains the potential damage from security issues in connected chains. By limiting the value that can be transferred over time, the system provides operational flexibility and risk mitigation. In the event of a security issue with one of the connected chains, the governor system allows time for the team to respond and caps the specific amount of risk over time, preventing widespread cross-chain contagion.
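To make the governor idea concrete, here is a small sliding-window notional-value limiter written for these notes. It is an added illustration of the mechanism the talk describes, not Wormhole's own code; the 1,000 USD per hour budget, the FIFO queueing of held transfers, and the outright rejection of a single transfer larger than the whole window budget are constructed design choices.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Transfer:
    ts: int                # submission time, unix seconds
    notional_usd: float    # value of the transfer priced in USD

class NotionalGovernor:
    """Sliding-window cap on notional value released from one source chain (illustration, not Wormhole's code)."""

    def __init__(self, limit_usd, window_s):
        self.limit_usd = limit_usd
        self.window_s = window_s
        self._released = deque()   # (release_ts, notional) still inside the window
        self._pending = deque()    # held-back transfers, FIFO

    def _used(self, now):
        # Age out releases older than the window, then sum what remains.
        while self._released and self._released[0][0] <= now - self.window_s:
            self._released.popleft()
        return sum(n for _, n in self._released)

    def submit(self, t):
        if t.notional_usd > self.limit_usd:
            return "rejected"   # larger than a whole window's budget: can never fit
        # FIFO: once anything is queued, newer transfers wait behind it.
        if not self._pending and self._used(t.ts) + t.notional_usd <= self.limit_usd:
            self._released.append((t.ts, t.notional_usd))
            return "released"
        self._pending.append(t)
        return "queued"

    def tick(self, now):
        # Release queued transfers, in order, as old releases age out of the window.
        out = []
        while self._pending and self._used(now) + self._pending[0].notional_usd <= self.limit_usd:
            t = self._pending.popleft()
            self._released.append((now, t.notional_usd))
            out.append(t.notional_usd)
        return out

def simulate():
    """Constructed scenario: a 1,000 USD per hour budget for one source chain."""
    g = NotionalGovernor(limit_usd=1_000, window_s=3_600)
    statuses = [g.submit(Transfer(ts, v))
                for ts, v in [(0, 600), (10, 300), (20, 500), (30, 50), (40, 1_500)]]
    early = g.tick(3_000)  # the 600 and 300 are still in the window: nothing moves
    later = g.tick(3_605)  # the 600 released at ts=0 has aged out
    return statuses, early, later
```

The held-back queue is what buys the response time the talk mentions: a compromised connected chain can drain at most one window's budget before operators notice and intervene.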
