We have securely distributed computer applications to anonymous hosts since 2018. With real-time insights from our proprietary trust rating system, Salad's control plane exclusively assigns workloads to the most performant and trustworthy machines.

All Salad nodes are benchmarked for performance on a variety of baseline workloads (including P2P bandwidth-sharing, cryptographic validation, and other compute tasks) before becoming eligible for formal trust assessment. To protect our customers and our users, our team has implemented and assiduously maintains redundant security layers across our network, organization, and distributed machine environments.

Workload Security

Runtime Isolation

Salad Container Engine (SCE) workloads execute within isolated, virtual compute environments that are destroyed upon completion, failure, or disconnect.


Encrypted Containers

Salad encrypts all containerized workloads before distribution to host machines to ensure data confidentiality and preserve the integrity of container images at rest.


Network Security

All data in transit across the Salad network is encrypted at both ends using TLS and SSH.


Node Reputation Protocol

Only trustworthy machine nodes shall be considered eligible to process container workloads. Salad's node reputation protocol measures three key metrics when assessing machine environments:

1. Machine Capabilities

Salad indexes and benchmarks the performance of all shared host hardware, including GPU,
CPU, and network resources.

2. Machine Integrity

Industry-standard static analysis ensures that all host machiens are secure from malicious actors. Salad's node client software requires that locally hosted antivirus, firewall, and OS software be updated and properly configured.

3. Supplier Trust Rating

Salad assigns each individual resource-supplier a trust rating based on historical machine performance, typical resource availability, and standard Know-Your-Customer (KYC) practices.


Audit Logging

All Salad nodes generate audit logs to help monitor network anomalies, create forensics documentation, and ensure compliance.


Two-factor Authentication

Salad supplier accounts are secured by 2FA using One Time Password login.


Intrusion Detection

The Salad node client automatically detects local intrusion attempts and deletes affected container instances.

Personnel & Processes

Background Checks

All Salad employees and contractors must pass a comprehensive background check and consent to confidentiality agreements before beginning work.

Employee Security Awareness

Salad mandates that new employees attend classes covering data security, organizational compliance, and information-technology best practices.

Engineering Security Workshops

Engineers are required to attend additional DevOps security workshops to protect deployments at scale.

Compliance Check-ins

Salad's internal security-management team maintains security poilicies, assesses compliance, and communicate updates whenever they occur.

Network Security

Vulnerability Scanning

Salad implements a Docker-centric vulnerability-scanning tool in its software-development CI/CD process.

Patching timelines are as follows:

Critical: 14–30 days
High: 14–30 days
Medium: 45–90 days
Low: 90–180 days

Internal Systems Auditing

Salad maintains a formal Audit Policy governing application events, system events, hardware events, and physical access. This includes the what, when, and where of the event, its source, its object, its outcome, and the person associated with it.


Salad’s architecture consists of multiple layers of data security including a DMZ, bastion hosts, and iptables.

Global Distribution

Salad’s Site Reliability, Support, and Engineering teams are globally distributed, and available in multiple time zones.

Build Isolation

Salad executes compute workloads in isolated virtual machine sandboxes that are destroyed after each use.

Data Security

Traffic Encryption

All data in transit is encrypted via TLS and SSH.

Environment Variable Encryption

Environment variables are encrypted at rest and in transit, and injected into the runtime environment at the start of a job. All sensitive secrets such as keys, tokens, and other credentials should be stored as environment variables within Salad.

Data Backup

Salad maintains a Data Backup and Snapshot Policy that requires restoration within common industry timelines.

Application Security

Secure Coding

The Software Development Lifecycle Policy dictates delivery, review, and merge processes to minimize rollbacks, downtime, design flaws, and security incidents.

Site Reliability

Salad employs a team of Engineers to ensure that the security layers of the Salad application are maintained.

OWASP Top 10

Salad's web application is designed to withstand OWASP Top 10 matters such as injections, broken authentication and session management, cross-site scripting (XSS) attacks, insecure direct object references, missing function-level access control, cross-site request forgery (CSRF), unvalidated redirects, and forwards.

Incident Response

Response Team

Salad maintains an Incident Response Team.

Response Policy & Plan

Salad maintains an Incident Response Policy and Runbook to facilitate decision making during critical situations.


Network and security incidents are published at