TransparencyGovernance

Independence & Transparency

How BlackHart maintains scoring integrity.

Scoring Independence

BlackHart Risk Oracle scores are determined solely by our methodology and evidence. Commercial relationships do not influence score outcomes. Every protocol — paying or not — is evaluated using the same 12-dimension framework, the same tooling, and the same evidentiary standards.

Conflict Management

BlackHart separates commercial operations from scoring operations. Monitoring subscriptions provide continuous security coverage and faster reassessment cycles. They do not provide favorable scoring treatment. Scores reflect verified security posture, not commercial status.

Score Provenance

Every score is traceable from final BRI back to the observable on-chain behavior that produced it. The multiplicative formula, all 12 dimension weights, and the data sources for 11 of 12 dimensions are published. When a protocol's score changes, BlackHart publishes the reason — linking score movements to specific evidence such as GitHub commits, governance transactions, audit reports, or public disclosures. If a protocol disagrees with their score, we can point directly to the on-chain behavior that drove it.

Free Correction Channel

If any protocol believes its score contains a factual error, it can submit evidence for review at no cost. Score accuracy is more important than revenue. BlackHart maintains this channel to ensure scoring integrity is not dependent on commercial engagement.

Methodology Versioning

Every published score includes:

Methodology version

Currently v2.1

Data timestamp

When the assessment was performed

Confidence band

Data completeness x credibility factor

Formula version

Dimension weights included

Weight changes are limited to +/-5% per dimension per quarter and published with rationale.

What's Published

The BRI is designed so that anyone can trace a protocol's score back to observable behavior. 11 of 12 dimensions use published formulas against public data. One dimension — Adversarial Resilience (D7) — uses proprietary methodology for the same reason security researchers don't publish working exploits: the tools that find vulnerabilities should not be available to those who would use them to attack.

Multiplicative formulaMethodology → BRI Formula All 12 dimension weightsMethodology → Dimensions 11 dimension scoring formulas & data sourcesEach dimension's detail page Z-Factor maturity formulaMethodology → Our Approach Forge Scale tier thresholdsMethodology → Forge Scale Weight governance & recalibration rulesMethodology → BRI Formula Score changelog with evidence linksEach protocol's score page On-chain evidence hash per scoreBROOracle contract on Base D7 Adversarial Resilience methodologyProprietary — scores published, methodology private

Precedent

This approach follows established principles from traditional credit rating agencies (S&P, Moody's) which emphasize independence, methodology quality, and conflict management as central to ratings credibility. BlackHart applies these principles to DeFi protocol risk assessment.

Disclosure & Remediation Policy

No subscription is required to receive or remediate submitted vulnerabilities. All findings disclosed through official bounty or responsible disclosure channels include enough detail for the protocol team to validate and fix the issue.

Vulnerability details are never gated behind payment. The portal organizes the disclosure workflow, but remediation information is always freely accessible to the affected protocol team.

Public scores show risk drivers, not exploit instructions. The adversarial risk signals section shows observable security posture without exposing specific vulnerability details.

Protocols that remediate quickly are visibly rewarded. Remediation velocity is a positive factor in BRI scoring — fast response to disclosed issues improves a protocol's score.

BlackHart maintains a free correction and appeal process. If a protocol believes their score is inaccurate, they can submit evidence for review through the portal at no cost.

Free Score Correction Process

1Submit a correction request through the portal or email security@blackhart.io

2Provide evidence: GitHub commits, audit reports, on-chain transactions, or other verifiable data

3BlackHart reviews the evidence within 5 business days

4If validated, the BRI score is updated with full provenance linking to the evidence

5All corrections are logged in the protocol's score changelog for transparency

This process is always free. Commercial relationships have no bearing on correction outcomes.

Submit Evidence for Review

If you believe a score contains a factual error, you can submit evidence for review at no cost. Score accuracy is more important than revenue.

Submit Evidence

← Our Approach View All Scores →