diff --git a/.markdownlint.json b/.markdownlint.json
index 004f5603..4809c5b8 100644
--- a/.markdownlint.json
+++ b/.markdownlint.json
@@ -42,7 +42,9 @@
 "DevOnly",
 "BadgeLegend",
 "ExportAllCerts",
- "AttackSurfaceDashboard"
+ "AttackSurfaceDashboard",
+ "GovernanceSDLCPipeline",
+ "ChecklistItem"
 ]
 },
 "MD037": false,
diff --git a/docs/pages/certs/changelog.mdx b/docs/pages/certs/changelog.mdx
index f1625bbb..4eb4484e 100644
--- a/docs/pages/certs/changelog.mdx
+++ b/docs/pages/certs/changelog.mdx
@@ -75,7 +75,8 @@ aggregates what changed, when, and why so protocols re-certifying after a revisi
 
 ### SFC - DNS Registrar (v1.0 → v1.1)
 
-- `dns-3.1.1` slimmed to reference SFC - Identity & Accounts for account management; DNS-specific registrar RBAC bullet retained.
+- `dns-3.1.1` slimmed to reference SFC - Identity & Accounts for account management;
+ DNS-specific registrar RBAC bullet retained.
 
 ### SFC - Incident Response (v1.0 → v1.1)
 
diff --git a/docs/pages/certs/sfc-dns-registrar.mdx b/docs/pages/certs/sfc-dns-registrar.mdx
index d763854b..9c8aa15a 100644
--- a/docs/pages/certs/sfc-dns-registrar.mdx
+++ b/docs/pages/certs/sfc-dns-registrar.mdx
@@ -193,7 +193,8 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter, Cer
 
 *Revision {frontmatter.version} · Updated {frontmatter.revised} · [Changelog](/certs/changelog)*
 
-The SEAL Framework Checklist (SFC) for DNS Registrar provides best practices for securely managing domain names and DNS configurations.
+The SEAL Framework Checklist (SFC) for DNS Registrar provides best practices for securely managing
+domain names and DNS configurations.
 
 For more details on certifications or self-assessments, refer to the [Certification Guidelines](/certs/certification-guidelines).
diff --git a/docs/pages/config/contributors.json b/docs/pages/config/contributors.json
index 3e625c21..292cf346 100644
--- a/docs/pages/config/contributors.json
+++ b/docs/pages/config/contributors.json
@@ -23,7 +23,7 @@
 { "name": "Issue-Opener-5", "assigned": "2024-08-22" },
 { "name": "Issue-Opener-10", "assigned": "2024-08-24" },
 { "name": "Issue-Opener-25", "assigned": "2024-09-25" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-23" }
+ { "name": "Active-Last-7d", "lastActive": "2026-05-05" }
 ]
 },
 "fredriksvantes": {
@@ -81,7 +81,8 @@
 "badges": [
 { "name": "Framework-Steward", "framework": "Community Management" },
 { "name": "First-Contribution", "assigned": "2025-01-29" },
- { "name": "First-Review", "assigned": "2025-12-16" }
+ { "name": "First-Review", "assigned": "2025-12-16" },
+ { "name": "Active-Last-30d", "lastActive": "2026-04-07" }
 ]
 },
 "robert": {
@@ -155,7 +156,7 @@
 { "name": "Framework-Steward", "assigned": "2025-03-29", "framework": "ENS" },
 { "name": "First-Contribution", "assigned": "2025-05-29" },
 { "name": "First-Review", "assigned": "2025-08-09" },
- { "name": "Dormant-90d+", "lastActive": "2025-08-11" }
+ { "name": "Active-Last-30d", "lastActive": "2026-04-23" }
 ]
 },
 "patrickalphac": {
@@ -184,7 +185,7 @@
 "twitter": "https://x.com/pinalikefruit",
 "website": null,
 "company": null,
- "job_title": null,
+ "job_title": "Steward of the Wallet-Security framework",
 "role": "steward",
 "description": "Steward of Wallet-Security framework",
 "badges": [
@@ -231,7 +232,7 @@
 { "name": "First-Review", "assigned": "2025-08-11" },
 { "name": "Reviewer-10", "assigned": "2026-02-24" },
 { "name": "Reviewer-25", "assigned": "2024-03-01" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-20" }
+ { "name": "Active-Last-30d", "lastActive": "2026-04-20" }
 ]
 },
 "blackbigswan": {
@@ -337,7 +338,7 @@
 "description": "Founder & Engineer",
 "badges": [
 { "name": "First-Contribution", "assigned": "2025-06-02" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-21" }
+ { "name": "Active-Last-7d", "lastActive": "2026-05-05" }
 ]
 },
 "isaac": {
@@ -355,7 +356,7 @@
 { "name": "Framework-Steward", "assigned": "2025-12-17", "framework": "SEAL Certs" },
 { "name": "First-Contribution", "assigned": "2026-04-21" },
 { "name": "First-Review", "assigned": "2026-01-26" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-21" }
+ { "name": "Active-Last-30d", "lastActive": "2026-04-21" }
 ]
 },
 "geoffrey": {
@@ -448,7 +449,7 @@
 { "name": "First-Review", "assigned": "2025-08-12" },
 { "name": "Reviewer-10", "assigned": "2025-09-12" },
 { "name": "Reviewer-25", "assigned": "2026-03-20" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-23" }
+ { "name": "Active-Last-7d", "lastActive": "2026-05-06" }
 ]
 },
 "gunnim": {
@@ -667,8 +668,7 @@
 "description": "Steward of Monitoring framework",
 "badges": [
 { "name": "Framework-Steward", "assigned": "2026-03-17", "framework": "Monitoring" },
- { "name": "First-Contribution", "assigned": "2026-03-16" },
- { "name": "Active-Last-30d", "lastActive": "2026-04-16" }
+ { "name": "First-Contribution", "assigned": "2026-03-16" }
 ]
 },
 "tim-sha256": {
@@ -684,7 +684,7 @@
 "description": "Frameworks Contributor",
 "badges": [
 { "name": "First-Contribution", "assigned": "2026-04-05" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-21" }
+ { "name": "Active-Last-30d", "lastActive": "2026-04-21" }
 ]
 },
 "fvelazquez-x": {
@@ -733,8 +733,7 @@
 "description": "Frameworks Contributor",
 "badges": [
 { "name": "First-Contribution", "assigned": "2026-04-21" },
- { "name": "New-Joiner", "lastActive": "2026-04-21" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-21" }
+ { "name": "Active-Last-30d", "lastActive": "2026-04-21" }
 ]
 },
 "welttowelt": {
@@ -750,8 +749,7 @@
 "description": "Frameworks Contributor",
 "badges": [
 { "name": "First-Contribution", "assigned": "2026-04-21" },
- { "name": "New-Joiner", "lastActive": "2026-04-21" },
- { "name": "Active-Last-7d", "lastActive": "2026-04-21" }
+ { "name": "Active-Last-30d", "lastActive": "2026-04-21" }
 ]
 },
 "iam0ti": {
diff --git a/docs/pages/devsecops/governance-proposal-security.mdx b/docs/pages/devsecops/governance-proposal-security.mdx
index d910076b..15364789 100644
--- a/docs/pages/devsecops/governance-proposal-security.mdx
+++ b/docs/pages/devsecops/governance-proposal-security.mdx
@@ -393,7 +393,8 @@ through a finding without anyone else noticing.
 Integration tests MUST exercise the exact deployment script that will run on mainnet — not a hand-written setup that looks equivalent. If `script/Deploy.s.sol` (or your equivalent) produces a different system state than your test harness parameterizes, then the suite that passed is testing a different system than the one
-that ships. That divergence is a well-documented source of false confidence and real security incidents where user funds have been stolen.
+that ships. That divergence is a well-documented source of false confidence and real security incidents
+where user funds have been stolen.
 Have the integration tests execute the deployment script itself, then run invariants and behavioral tests against the resulting state. The more complex the system, the more surface area exists for the script and the test to drift apart, so the more strictly this needs to be enforced.
diff --git a/docs/pages/devsecops/index.mdx b/docs/pages/devsecops/index.mdx
index 10d1f524..77399cac 100644
--- a/docs/pages/devsecops/index.mdx
+++ b/docs/pages/devsecops/index.mdx
@@ -14,7 +14,8 @@ title: "Devsecops"
 - [DevSecOps](/devsecops/overview)
 - [Implementing Code Signing](/devsecops/code-signing)
 - [Securing CI/CD Pipelines](/devsecops/continuous-integration-continuous-deployment)
-- [Data Security & Contract Upgrade Checklist](/devsecops/data-security-upgrade-checklist)
+- [Data Security Checklist](/devsecops/data-security-upgrade-checklist)
+- [Governance Proposal Security Across the SDLC](/devsecops/governance-proposal-security)
 - [Securing Development Environments](/devsecops/integrated-development-environments)
 - [Repository Hardening](/devsecops/repository-hardening)
 - [Security Testing](/devsecops/security-testing)
diff --git a/docs/pages/dprk-it-workers/general-information.mdx b/docs/pages/dprk-it-workers/general-information.mdx
index 41871e9a..f922730f 100644
--- a/docs/pages/dprk-it-workers/general-information.mdx
+++ b/docs/pages/dprk-it-workers/general-information.mdx
@@ -30,7 +30,8 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 also unintentional actions like negligence (e.g. ignoring security updates) or accidents (e.g. sending sensitive document to the wrong email address) leading to security breaches and/or data leaks.
 2. DPRK IT workers are individuals from North Korea (the Democratic People's Republic of Korea) who engage in remote IT
-work for foreign companies, often using false identities. Their work, while often appearing legitimate, is a source of
+ work for foreign companies, often using false identities. Their work, while often appearing
+ legitimate, is a source of
 revenue for the North Korean regime, may be involved in malicious activities, and constitutes a serious violation of international sanctions to send payments to North Korea. **"DPRK IT Workers" are synonymous with an "insider threat."**
 3. Read: [OFAC's North Korea Information Technology Workers
diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx
index a778a1d8..d870b620 100644
--- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx
+++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx
@@ -37,7 +37,8 @@ limit the effects of a DPRK IT Worker infiltration and what you should do after
 all of your non-DPRK employees on these points, especially people responsible for hiring, developer relations, talent hunting, and community management.**
 2. Introduce a culture of background checks. Do not take a prospective developer's claims at face value. **Even the
- most basic OSINT check can often discover deep inconsistencies. Check GitHub commit history, check Twitter history, and
+ most basic OSINT check can often discover deep inconsistencies. Check GitHub commit history,
+ check Twitter history, and
 Google the full name of the developer.**
 1. Is the work experience claimed in the CV reflected on GitHub?
 2. Does the potential employee indicate any physical presence anywhere?
@@ -97,7 +98,8 @@ limit the effects of a DPRK IT Worker infiltration and what you should do after
 1. Contact security professionals if you're unable to handle the situation alone. You can reach out to SEAL911 (@seal_911_bot on Telegram).
 2. **You do not need to end the engagement abruptly. It's important to maintain a facade while you deal with access
- revocation and mitigate any immediate risks to your organization.** Act normally, but start preparing an actionable plan
+ revocation and mitigate any immediate risks to your organization.** Act normally, but start
+ preparing an actionable plan
 immediately and aim to remove the DPRK IT Worker within the next few days at most. If your organization is properly siloed from insider threats, you shouldn't have much of an issue firing the worker almost immediately after conducting a post-mortem review.
diff --git a/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx b/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx
index fbe51408..adcc5cca 100644
--- a/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx
+++ b/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx
@@ -267,7 +267,8 @@ are used as cover. Incorporate unpredictable, interactive requests that a pre-re
 documentation along with poor language skills. **Run a background check on all the data.** Can you find a person with the same name whose identity was potentially stolen or borrowed? Is the address provided legitimate, or does it seem 'random' (e.g., an empty house, a business venue)? Google "(Full Name of your worker) + sentenced" to see
- if the DPRK IT Worker bought a criminal's identity (an often-seen case with claimed US-based personas). Perform a
+ if the DPRK IT Worker bought a criminal's identity (an often-seen case with claimed US-based
+ personas). Perform a
 reverse image search on your worker's profile pictures/avatars. Are there more similar accounts using the exact same image? **Beware that DPRK IT Workers have no issues providing credible-looking KYC documentation; some of these documents even pass authentication checks on specialized services.**
@@ -277,7 +278,8 @@ are used as cover. Incorporate unpredictable, interactive requests that a pre-re
 entire company is composed of DPRK IT Workers if such tactics succeed).** Additionally, check if the potential DPRK IT Worker hasn't already added some of their 'friends' to your organization without your knowledge.
 8. **Proximity to other suspicious/spam accounts.** Don't be fooled by GitHub or Twitter accounts that are over
- 10 years old. DPRK IT Workers can easily source these. However, check if your worker has any meaningful history of
+ 10 years old. DPRK IT Workers can easily source these. However, check if your worker has any
+ meaningful history of
 interaction with their followers/following. Or, do all accounts in proximity to your worker appear spam-like or like bots?
 9. **Poor social skills.** It's usually (but not always) the case that a DPRK IT Worker will have trouble with
diff --git a/docs/pages/front-end-web-app/third-party-script-security.mdx b/docs/pages/front-end-web-app/third-party-script-security.mdx
index 55af4ba6..485c5f64 100644
--- a/docs/pages/front-end-web-app/third-party-script-security.mdx
+++ b/docs/pages/front-end-web-app/third-party-script-security.mdx
@@ -375,7 +375,8 @@ Beyond the core mechanisms above, consider these complementary measures:
 -> walkthrough on applying SRI to CDN-hosted assets
 - [MDN: Import Maps](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script/type/importmap)
 -> specification and usage guide
-- [MDN: Trusted Types](https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API) -> API reference and browser compatibility
+- [MDN: Trusted Types](https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API)
+ -> API reference and browser compatibility
 - [Google: Trusted Types Adoption Guide](https://web.dev/articles/trusted-types) -> step-by-step policy implementation guide
 
 ## Related Frameworks
diff --git a/docs/pages/intro/introduction.mdx b/docs/pages/intro/introduction.mdx
index 02bfffc6..17b5d827 100644
--- a/docs/pages/intro/introduction.mdx
+++ b/docs/pages/intro/introduction.mdx
@@ -48,7 +48,8 @@ desire to foster a safer, more informed digital landscape. We do this by designi
 technologists, and coordinating on the social layer to ensure meaningful adoption.
 
 :::info[AI-friendly documentation]
-All framework content is available in LLM-friendly format following the [llms.txt](https://llmstxt.org/) standard - one file per framework, plus a routing index. See the [LLMs page](/intro/llms) for the full list.
+All framework content is available in LLM-friendly format following the [llms.txt](https://llmstxt.org/) standard -
+one file per framework, plus a routing index. See the [LLMs page](/intro/llms) for the full list.
 :::
 
 ---
diff --git a/docs/pages/intro/llms.mdx b/docs/pages/intro/llms.mdx
index df45e832..d32eb40f 100644
--- a/docs/pages/intro/llms.mdx
+++ b/docs/pages/intro/llms.mdx
@@ -5,11 +5,16 @@ description: LLM-friendly documentation for the Security Alliance Frameworks, fo
 
 # LLMs
 
-The Security Alliance Frameworks documentation is available in LLM-friendly format following the [llms.txt](https://llmstxt.org/) standard. These files are generated at build time and designed to be fetched by AI assistants and coding tools to provide accurate, up-to-date framework content as context.
+The Security Alliance Frameworks documentation is available in LLM-friendly format following the
+[llms.txt](https://llmstxt.org/) standard. These files are generated at build time and designed to be
+fetched by AI assistants and coding tools to provide accurate, up-to-date framework content as context.
 
 ## How to use
 
-AI assistants should start with [`/llms.txt`](https://frameworks.securityalliance.org/llms.txt), the routing index. It lists every framework with a description and topic summary, so the AI can identify the best match and fetch the framework index file. From there, per-page files can be fetched for detailed content on a specific topic.
+AI assistants should start with [`/llms.txt`](https://frameworks.securityalliance.org/llms.txt), the routing
+index. It lists every framework with a description and topic summary, so the AI can identify the best match
+and fetch the framework index file. From there, per-page files can be fetched for detailed content on a
+specific topic.
 
 ## File structure
 
@@ -21,19 +26,24 @@ Three file types are available:
 /llms/{framework-name}/{page}.txt per-page file —> full content of a single page
 ```
 
-The `{framework-name}` maps to the framework's folder name in the repository and `{page}` to the page's slug. For example, the Wallet Security seed phrase page lives at `docs/pages/wallet-security/seed-phrase-management.mdx` and its per-page file is at `/llms/wallet-security/seed-phrase-management.txt`.
+The `{framework-name}` maps to the framework's folder name in the repository and `{page}` to the page's slug.
+For example, the Wallet Security seed phrase page lives at `docs/pages/wallet-security/seed-phrase-management.mdx`
+and its per-page file is at `/llms/wallet-security/seed-phrase-management.txt`.
 
 ## What each file contains
 
 **`/llms.txt`** - routing index:
+
 - One entry per framework with its index file URL, description, and topic list
 
 **`/llms/{framework-name}.txt`** - framework index:
+
 - Header, description, and AI instructions
 - Full content of the overview page for immediate context
 - Links to all per-page files with one-line descriptions
 
 **`/llms/{framework-name}/{page}.txt`** - per-page file:
+
 - Full markdown content of that page
 - Source URL and framework attribution
 
diff --git a/docs/pages/opsec/integration/overview.mdx b/docs/pages/opsec/integration/overview.mdx
index 7550cd54..950258f0 100644
--- a/docs/pages/opsec/integration/overview.mdx
+++ b/docs/pages/opsec/integration/overview.mdx
@@ -143,19 +143,42 @@ Aligning operational security practices with established security standards and
 
 ### Web3-Specific Standards
 
-1. **MITRE AADAPT** — [Adversarial Tactics, Techniques, and Procedures for Digital Asset Systems](https://aadapt.mitre.org/). Modeled after MITRE ATT&CK, AADAPT catalogs real-world adversary behavior targeting blockchain and digital-asset infrastructure. It provides a structured taxonomy of tactics, techniques, and sub-techniques that helps security teams understand attacker workflows, map detections, and prioritize defenses. Use AADAPT to align OpSec threat modeling with the latest Web3 TTPs.
-
-2. **OWASP Smart Contract Weakness Enumeration (SCWE)** — [OWASP SCWE](https://scs.owasp.org/SCWE/). A smart-contract-specific weakness enumeration inspired by CWE. SCWE supersedes the now-outdated SWC Registry, covering all 36 SWC entries plus additional weakness classes identified since. Reference SCWE when classifying vulnerabilities found during audits, penetration tests, or formal verification to maintain a consistent, community-maintained taxonomy.
-
-3. **OWASP Smart Contract Top 10** — [Smart Contract Top 10](https://owasp.org/www-project-smart-contract-top-10/). An awareness standard under the OWASP Top 10 initiative that highlights the ten most critical smart contract vulnerability categories, ranked and updated yearly. Use it as a risk-prioritization checklist during design reviews and audit scoping to ensure the most impactful weaknesses receive attention first.
-
-4. **EEA EthTrust Security Levels v3** — [EthTrust SL v3](https://entethalliance.org/specs/ethtrust-sl/). Defines certification requirements and three assurance levels (S, M, Q) for audited smart contracts. Level S requires formal verification and comprehensive testing; Level M requires thorough manual review; Level Q covers quick-scan assessments. Map OpSec audit procedures to the appropriate EthTrust level to communicate assurance rigor to stakeholders and regulators.
+1. **MITRE AADAPT** —
+ [Adversarial Tactics, Techniques, and Procedures for Digital Asset Systems](https://aadapt.mitre.org/).
+ Modeled after MITRE ATT&CK, AADAPT catalogs real-world adversary behavior targeting blockchain and
+ digital-asset infrastructure. It provides a structured taxonomy of tactics, techniques, and
+ sub-techniques that helps security teams understand attacker workflows, map detections, and
+ prioritize defenses. Use AADAPT to align OpSec threat modeling with the latest Web3 TTPs.
+
+2. **OWASP Smart Contract Weakness Enumeration (SCWE)** — [OWASP SCWE](https://scs.owasp.org/SCWE/).
+ A smart-contract-specific weakness enumeration inspired by CWE. SCWE supersedes the now-outdated
+ SWC Registry, covering all 36 SWC entries plus additional weakness classes identified since.
+ Reference SCWE when classifying vulnerabilities found during audits, penetration tests, or formal
+ verification to maintain a consistent, community-maintained taxonomy.
+
+3. **OWASP Smart Contract Top 10** — [Smart Contract Top 10](https://owasp.org/www-project-smart-contract-top-10/).
+ An awareness standard under the OWASP Top 10 initiative that highlights the ten most critical smart
+ contract vulnerability categories, ranked and updated yearly. Use it as a risk-prioritization
+ checklist during design reviews and audit scoping to ensure the most impactful weaknesses receive
+ attention first.
+
+4. **EEA EthTrust Security Levels v3** — [EthTrust SL v3](https://entethalliance.org/specs/ethtrust-sl/).
+ Defines certification requirements and three assurance levels (S, M, Q) for audited smart contracts.
+ Level S requires formal verification and comprehensive testing; Level M requires thorough manual
+ review; Level Q covers quick-scan assessments. Map OpSec audit procedures to the appropriate
+ EthTrust level to communicate assurance rigor to stakeholders and regulators.
 
 ### Early-Stage & Emerging Standards
 
-The following standards are actively maintained but have narrower adoption or are still evolving. They are worth tracking if you operate in their scope.
+The following standards are actively maintained but have narrower adoption or are still evolving.
+They are worth tracking if you operate in their scope.
 
-1. **Cryptocurrency Security Standard (CCSS)** — [CCSS v3.2](https://cryptoconsortium.org/ccss/). A maturity standard for crypto-infrastructure security covering key management, wallet operations, and key-person controls. CCSS defines three assurance levels: Level 1 covers self-assessment; Level 2 adds third-party audit; Level 3 requires penetration testing and full documentation review. Use CCSS when designing or evaluating the security posture of custodial wallets, exchanges, or treasury operations that handle private keys at scale.
+1. **Cryptocurrency Security Standard (CCSS)** — [CCSS v3.2](https://cryptoconsortium.org/ccss/).
+ A maturity standard for crypto-infrastructure security covering key management, wallet operations,
+ and key-person controls. CCSS defines three assurance levels: Level 1 covers self-assessment;
+ Level 2 adds third-party audit; Level 3 requires penetration testing and full documentation review.
+ Use CCSS when designing or evaluating the security posture of custodial wallets, exchanges, or
+ treasury operations that handle private keys at scale.
 
 ## Creating a Unified Security Approach
 
diff --git a/docs/pages/privacy/index.mdx b/docs/pages/privacy/index.mdx
index bf0d6a6b..8ca7bb83 100644
--- a/docs/pages/privacy/index.mdx
+++ b/docs/pages/privacy/index.mdx
@@ -18,4 +18,4 @@ title: "Privacy"
 - [Encrypted Communication Tools](/privacy/encrypted-communication-tools)
 - [Financial Privacy Services](/privacy/financial-privacy-services)
 - [Privacy-Focused Operating Systems](/privacy/privacy-focused-operating-systems-tools)
-- [VPN Services](/privacy/vpn-services)
+- [Vpns](/privacy/vpns)
diff --git a/docs/pages/privacy/vpns/https-vs-vpn.mdx b/docs/pages/privacy/vpns/https-vs-vpn.mdx
index e07a5bef..8e78141a 100644
--- a/docs/pages/privacy/vpns/https-vs-vpn.mdx
+++ b/docs/pages/privacy/vpns/https-vs-vpn.mdx
@@ -32,7 +32,7 @@ A common misconception is that HTTPS makes VPNs unnecessary. They solve differen
 They overlap on encryption but diverge on almost everything else:
 
 | Aspect | HTTPS | VPN |
-|--------|-------|-----|
+| -------- | ------- | ----- |
 | What is encrypted | Content of a single connection | All traffic from the device |
 | Who sees the destination | Your ISP, local network, anyone on path (via SNI) | Only the VPN provider |
 | Who sees your IP | Every server you connect to | Only the VPN provider |
diff --git a/docs/pages/privacy/vpns/index.mdx b/docs/pages/privacy/vpns/index.mdx
new file mode 100644
index 00000000..d6f77ed6
--- /dev/null
+++ b/docs/pages/privacy/vpns/index.mdx
@@ -0,0 +1,19 @@
+---
+title: "Vpns"
+---
+
+{/* AUTOGENERATED: This file is generated by utils/generate-folder-indexes.js */}
+
+# Vpns
+
+> _Note:_ This page is auto-generated. Please use the sidebar to explore the docs instead of
+> navigating directory paths directly.
+
+## Pages
+
+- [VPN Services](/privacy/vpns/overview)
+- [HTTPS vs VPN](/privacy/vpns/https-vs-vpn)
+- [Attack Surfaces on Public Networks](/privacy/vpns/attack-surfaces-public-networks)
+- [When to Use a VPN](/privacy/vpns/when-to-use-vpn)
+- [VPN Limitations](/privacy/vpns/vpn-limitations)
+- [VPN Providers and Tools](/privacy/vpns/vpn-providers-and-tools)
diff --git a/docs/pages/privacy/vpns/vpn-providers-and-tools.mdx b/docs/pages/privacy/vpns/vpn-providers-and-tools.mdx
index e39da4e0..db6c5450 100644
--- a/docs/pages/privacy/vpns/vpn-providers-and-tools.mdx
+++ b/docs/pages/privacy/vpns/vpn-providers-and-tools.mdx
@@ -89,7 +89,8 @@ Select tools that match your threat model. You do not need all of these.
 
 ## Resources
 
-- [Are VPNs really necessary? Is HTTPS enough?](https://blog.theredguild.org/are-vpns-really-necessary-is-https-enough/): The Red Guild article on HTTPS vs VPN, metadata leakage, and threat modeling.
+- [Are VPNs really necessary? Is HTTPS enough?](https://blog.theredguild.org/are-vpns-really-necessary-is-https-enough/):
+ The Red Guild article on HTTPS vs VPN, metadata leakage, and threat modeling.
 
 ---
 
diff --git a/docs/pages/supply-chain/incident-response-supply-chain.mdx b/docs/pages/supply-chain/incident-response-supply-chain.mdx
index 7ae5ed7b..423ca210 100644
--- a/docs/pages/supply-chain/incident-response-supply-chain.mdx
+++ b/docs/pages/supply-chain/incident-response-supply-chain.mdx
@@ -153,7 +153,8 @@ When a supply chain compromise is reported:
 ## Further Reading
 
 - [Incident Management](/incident-management/overview): General incident response procedures and team coordination
-- [Web3 Supply Chain Threats](/supply-chain/web3-supply-chain-threats): Real-world incidents that illustrate the attack patterns
+- [Web3 Supply Chain Threats](/supply-chain/web3-supply-chain-threats): Real-world incidents that
+ illustrate the attack patterns
 described here
 - [Dependency Awareness](/supply-chain/dependency-awareness): Preventive practices like version pinning and lockfile integrity that reduce exposure
diff --git a/docs/pages/supply-chain/overview.mdx b/docs/pages/supply-chain/overview.mdx
index b210e570..cbc2753c 100644
--- a/docs/pages/supply-chain/overview.mdx
+++ b/docs/pages/supply-chain/overview.mdx
@@ -56,7 +56,8 @@ This framework provides practical guidance for securing each layer of your suppl
 projects, from frontend library hijacking to infrastructure compromise and hardware tampering.
 3. [Supply Chain Levels for Software Artifacts](/supply-chain/supply-chain-levels-software-artifacts): Classify your components by risk level and apply proportional controls.
-4. [Vendor Risk Management](/supply-chain/vendor-risk-management): Evaluate and monitor third-party providers including RPC
+4. [Vendor Risk Management](/supply-chain/vendor-risk-management): Evaluate and monitor third-party
+ providers including RPC
 services, oracle networks, security auditors, and contractors.
 5. [Supply Chain Incident Response](/supply-chain/incident-response-supply-chain): What to do when a dependency or provider is compromised, including Web3-specific response scenarios.
diff --git a/docs/pages/wallet-security/seed-phrase-management.mdx b/docs/pages/wallet-security/seed-phrase-management.mdx
index eb34b425..6be52c62 100644
--- a/docs/pages/wallet-security/seed-phrase-management.mdx
+++ b/docs/pages/wallet-security/seed-phrase-management.mdx
@@ -72,7 +72,8 @@ date these bags, and also take a picture of its serial number.
 
 **Use case:** You can put your
 Piece 1: Words 1-16 of your seed, inside a safe.
-Piece 2: Words 9-24 of your seed, somewhere safe (different location) in a tamper evident bag (could be at your parents place).
+Piece 2: Words 9-24 of your seed, somewhere safe (different location) in a tamper evident bag (could be
+at your parents place).
 Piece 3: Words 1-8 and 17-24 of your seed, somewhere safe (different location) in a tamper evident bag (could be somewhere else, at a family member or trusted friend). You can put your backup ledger while traveling inside this, in the safe of your hotel room to detect tampering.
diff --git a/docs/pages/wallet-security/signing-and-verification/secure-multisig-squads-verification.mdx b/docs/pages/wallet-security/signing-and-verification/secure-multisig-squads-verification.mdx
index f0d96130..766802ad 100644
--- a/docs/pages/wallet-security/signing-and-verification/secure-multisig-squads-verification.mdx
+++ b/docs/pages/wallet-security/signing-and-verification/secure-multisig-squads-verification.mdx
@@ -19,7 +19,8 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 
 # Squads Multisig: Step-by-Step Verification
 
-Limited tooling is available for Solana verification compared to EVM. Exercise extra caution and cross-verify with team members.
+Limited tooling is available for Solana verification compared to EVM. Exercise extra caution and
+cross-verify with team members.
diff --git a/docs/pages/wallet-security/tools-and-resources.mdx b/docs/pages/wallet-security/tools-and-resources.mdx
index 415073c7..be38633d 100644
--- a/docs/pages/wallet-security/tools-and-resources.mdx
+++ b/docs/pages/wallet-security/tools-and-resources.mdx
@@ -112,7 +112,8 @@ operations.
 - **[Safe Multisig Transaction Hashes](https://github.com/pcaversaccio/safe-tx-hashes-util)**: A Bash script that locally calculates domain and message hashes using the EIP-712 standard. It allows you to generate the exact hash that your hardware wallet will display.
-- **[Cyfrin Safe TX Hashes](https://github.com/Cyfrin/safe-tx-hashes)**: for additional support without relying on Safe API.
+- **[Cyfrin Safe TX Hashes](https://github.com/Cyfrin/safe-tx-hashes)**: for additional support
+ without relying on Safe API.
 - **[Safe Utils](https://safeutils.openzeppelin.com/)**: A user-friendly web interface for calculating and verifying Safe transaction hashes. While convenient, remember the security advantages of using a local, offline tool like `safe-hash` for high-value transactions.
diff --git a/utils/fetched-tags.json b/utils/fetched-tags.json
index 87786e21..cb7a380b 100644
--- a/utils/fetched-tags.json
+++ b/utils/fetched-tags.json
@@ -187,6 +187,11 @@
 "Operations & Strategy",
 "Smart Contracts"
 ],
+ "/devsecops/governance-proposal-security": [
+ "Engineer/Developer",
+ "Operations & Strategy",
+ "Smart Contracts"
+ ],
 "/devsecops/integrated-development-environments": [
 "Engineer/Developer",
 "Security Specialist",
@@ -1009,7 +1014,27 @@
 "Engineer/Developer",
 "Security Specialist"
 ],
- "/privacy/vpn-services": [
+ "/privacy/vpns/attack-surfaces-public-networks": [
+ "Engineer/Developer",
+ "Security Specialist"
+ ],
+ "/privacy/vpns/https-vs-vpn": [
+ "Engineer/Developer",
+ "Security Specialist"
+ ],
+ "/privacy/vpns/overview": [
+ "Engineer/Developer",
+ "Security Specialist"
+ ],
+ "/privacy/vpns/vpn-limitations": [
+ "Engineer/Developer",
+ "Security Specialist"
+ ],
+ "/privacy/vpns/vpn-providers-and-tools": [
+ "Engineer/Developer",
+ "Security Specialist"
+ ],
+ "/privacy/vpns/when-to-use-vpn": [
 "Engineer/Developer",
 "Security Specialist"
 ],
@@ -1330,6 +1355,7 @@
 "OpSec Core Concepts": "opsec",
 "While Traveling": "opsec",
 "Privacy": "privacy",
+ "VPN Services": "privacy",
 "Safe Harbor": "safe-harbor",
 "Secure Software Development": "secure-software-development",
 "Security Automation": "security-automation",
diff --git a/wordlist.txt b/wordlist.txt
index 486544e0..869906f4 100644
--- a/wordlist.txt
+++ b/wordlist.txt
@@ -1,3 +1,4 @@
+AADAPT
 AccuKnox
 Acuvity
 Aderyn
@@ -180,6 +181,7 @@ ledgerhq
 levation
 lexpunk
 liquidatable
+llms
 LLVM
 LUKS
 Mahhouk
@@ -285,6 +287,7 @@ sambacha
 satisfiable
 SBLWT
 Schneier
+SCWE
 SDLC
 SED
 SEDs