BlackHartBlackHart
Scores/USDC/Provenance/Operational Security
D11

Operational Security

Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.

Weight 10%70% confidence
72
Good
info

How This Score Is Built

Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.

+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative

Scoring Tree

BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
733
Current BRI
D11Operational Security
Weight 10%
72
(72/100)^0.1 = 0.9677
Sub-Scores
Development Practices
70
Incident Response
78
Deployment Hygiene
80
Key Management
68
Monitoring
72
Emergency History
82
Contributing Factors
+18circlefin/stablecoin-evm: 100% commit signing (30/30 recent commits GPG-verified), Apache-2.0, SECURITY.md present pointing to HackerOne, actively maintained (last commit 2026-04, but low cadence ~1 commit/90d consistent with a mature frozen codebase)
+18CI is mixed on recent runs (11 success / 6 failure of last 20) — typical of fork/external-PR pipelines on a public repo; deployments are gated and verified on-chain
+18Branch-protection settings were NOT readable with the available token scope (returns 'Not Found'); treated as unknown, not absent
+18REPLACES the prior indicative estimate (70/conf 55) with real GitHub-collected data (signing %, CI history, SECURITY.md, bounty cap)
-28OpSec drag: Circle BBP caps the CRITICAL contract payout at $5,000 — a weak incentive for white-hat disclosure relative to the value at risk; this is the main reason D11 does not score higher
Evidence Sources
blackhart_analysisMay 30sha256:6767e0543c28....

Sub-Score Breakdown

Development Practices
70
Incident Response
78
Deployment Hygiene
80
Key Management
68
Monitoring
72
Emergency History
82

Score Composition

-28

OpSec drag: Circle BBP caps the CRITICAL contract payout at $5,000 — a weak incentive for white-hat disclosure relative to the value at risk; this is the main reason D11 does not score higher

Negative
+18

circlefin/stablecoin-evm: 100% commit signing (30/30 recent commits GPG-verified), Apache-2.0, SECURITY.md present pointing to HackerOne, actively maintained (last commit 2026-04, but low cadence ~1 commit/90d consistent with a mature frozen codebase)

Positive
+18

CI is mixed on recent runs (11 success / 6 failure of last 20) — typical of fork/external-PR pipelines on a public repo; deployments are gated and verified on-chain

Positive
+18

Branch-protection settings were NOT readable with the available token scope (returns 'Not Found'); treated as unknown, not absent

Positive
+18

REPLACES the prior indicative estimate (70/conf 55) with real GitHub-collected data (signing %, CI history, SECURITY.md, bounty cap)

Positive

Evidence Chain (1 files)

BlackHart AnalysisMay 30, 2026, 05:10 AM
development practices: 70
incident response: 78
deployment hygiene: 80
key management: 68
monitoring: 72
emergency history: 82
sha256:6767e0543c28...

Score History

No dimension-level score changes recorded yet.

Methodology: 2.1Formula: 1.1Weights: 1.1
How is Operational Security scored?← Back to Provenance Ledger