Skip to content

Stewardship

What is a Framework Steward?

A framework steward is the resident expert for one (or more) of the security domains covered by the Security Frameworks. The role is a natural extension of contribution: stewards are people who have demonstrated genuine depth in a specific area, through the content they've written or reviewed, and who SEAL trusts to maintain the quality and direction of that domain going forward.

It is a technical role, but also a community one. Stewards bring a sense of ownership to their domain, and being embedded in the contributor community often leads to finding and connecting with people who care deeply about the same problems.

Why become a steward?

Because what gets written here is what practitioners across Web3 will actually read and rely on. When you become a steward, your approval is required before anything merges into your framework. That is real influence over what the community considers best practice, not in a symbolic way, but in a direct, technical one.

Beyond that: the people you will meet are worth it. The stewards community is small and deliberately kept that way. These are security professionals who care enough about the ecosystem to put time into building something that matters.

And finally, your work here compounds. The Security Frameworks are a living resource that practitioners, teams, and organizations will keep coming back to. The depth you bring to your framework keeps getting read long after the initial contribution.

How the role is earned

Most stewards got here because they genuinely cared about a topic and wrote something useful. The role is a recognition of that, not a prerequisite for it.

There is no application form. The typical path looks like this:

  1. A contributor writes or reviews content for a specific framework, either independently or as part of a broader effort.
  2. We notice the quality and depth of that work, or the contributor reaches out expressing interest in a more active role.
  3. If there is mutual trust and the fit is clear, we designate them as steward: they are added to the contributors database with the Framework-Steward badge, and they get their own entry in the Spotlight Zone, the public-facing recognition page where stewards are listed alongside the frameworks they own.

If you are interested, the most direct path is to start contributing to the framework you care about. You can also reach out on Discord if you want to discuss it first.

Responsibilities

Once designated as steward for a framework, your responsibilities are focused:

  • Review incoming contributions: When a pull request touches your framework, you will be tagged as a required reviewer. The PR will not be merged without your approval. You become the quality and accuracy gate for your domain.
  • Help grow the framework: The Security Frameworks are a work in progress, and many domains still have room to grow. If you know people with the right expertise, bring them in, whether as contributors to your framework or to the project more broadly. The goal is to make these frameworks as broad and battle-tested as possible, and stewards are well-positioned to make that happen.
  • Advise on structural decisions: When changes that affect the organization or direction of the repo are being considered, stewards are consulted as domain experts. Your input carries weight on decisions that touch your framework.

What this looks like in practice

On GitHub: You are tagged as a required reviewer on any PR that touches your framework. Nothing merges without your sign-off.

On Discord: Our Discord server has a dedicated stewards channel. You will be added to it and pinged when a relevant PR comes in, when we want your perspective on something, or when you want to share something more privately before it goes to the broader community. It is also where you will meet the other stewards, a small group of people who are genuinely invested in Web3 security and often worth knowing.

On the Spotlight Zone: Your stewardship is publicly recognized on the Spotlight Zone page, where your profile appears alongside the framework you own.

Open frameworks

The following frameworks are currently looking for a steward. If any of these match your expertise, this is a good place to start:

  • Awareness
  • DevSecOps
  • DPRK IT Workers
  • Encryption
  • External Security Reviews
  • Front-End & Web App Security
  • Governance
  • IAM
  • Infrastructure
  • Multisig for Protocols
  • Privacy
  • Secure Software Development
  • Security Automation
  • Supply Chain
  • Threat Modeling
  • Treasury Operations
  • User & Team Security
  • Vulnerability Disclosure

If none of these match your expertise but you see a gap that isn't covered anywhere on the site, that is worth something too. A new framework can start small, a single page or a rough outline, and grow from there through iteration. If you have a topic in mind, reach out on Discord and we can figure out together whether it makes sense to build it out.

Otherwise, start contributing to whichever framework fits your background. Either way works.

Help us improve!

Spotted an error or have ideas to enhance this content?

Your contributions are valuable to us. Learn more

✏️ Contribute today!