Map the attack surface
Start from protocol goals, trust boundaries, permissions, assets, user flows, and operational assumptions before treating any finding as meaningful.
Research / Methodology
Forge treats security findings as engineering claims that need context, reproduction, impact framing, and responsible handling.
The process is intentionally practical: understand the system, test assumptions, show the path, and help teams resolve the issue.
Start from protocol goals, trust boundaries, permissions, assets, user flows, and operational assumptions before treating any finding as meaningful.
Prefer reproducible behavior, concrete traces, and engineering context over vague severity language or speculative reporting.
Separate exploitability, blast radius, user harm, operational risk, and remediation confidence so teams can prioritize without guesswork.
Support a path from report to fix to validation, with publication choices handled cautiously and only when appropriate.
Standards
Severity and impact should not outrun the evidence. Findings should be understandable to both security and engineering owners.