We have securely distributed computer applications to anonymous hosts since 2018. With real-time insights from our proprietary trust rating system, Salad's control plane exclusively assigns workloads to the most performant and trustworthy machines.
All Salad nodes are benchmarked for performance on a variety of baseline workloads (including P2P bandwidth-sharing, cryptographic validation, and other compute tasks) before becoming eligible for formal trust assessment. To protect our customers and our users, our team has implemented and assiduously maintains redundant security layers across our network, organization, and distributed machine environments.
Salad Container Engine (SCE) workloads execute within isolated, virtual compute environments that are destroyed upon completion, failure, or disconnect.
Salad encrypts all containerized workloads before distribution to host machines to ensure data confidentiality and preserve the integrity of container images at rest.
All data in transit across the Salad network is encrypted at both ends using TLS and SSH.
Only trustworthy machine nodes shall be considered eligible to process container workloads. Salad's node reputation protocol measures three key metrics when assessing machine environments:
1. Machine Capabilities
Salad indexes and benchmarks the performance of all shared host hardware, including GPU,
CPU, and network resources.
2. Machine Integrity
Industry-standard static analysis ensures that all host machiens are secure from malicious actors. Salad's node client software requires that locally hosted antivirus, firewall, and OS software be updated and properly configured.
3. Supplier Trust Rating
Salad assigns each individual resource-supplier a trust rating based on historical machine performance, typical resource availability, and standard Know-Your-Customer (KYC) practices.
All Salad nodes generate audit logs to help monitor network anomalies, create forensics documentation, and ensure compliance.
Salad supplier accounts are secured by 2FA using One Time Password login.
The Salad node client automatically detects local intrusion attempts and deletes affected container instances.
All Salad employees and contractors must pass a comprehensive background check and consent to confidentiality agreements before beginning work.
Employee Security Awareness
Salad mandates that new employees attend classes covering data security, organizational compliance, and information-technology best practices.
Engineering Security Workshops
Engineers are required to attend additional DevOps security workshops to protect deployments at scale.
Salad's internal security-management team maintains security poilicies, assesses compliance, and communicate updates whenever they occur.
Salad implements a Docker-centric vulnerability-scanning tool in its software-development CI/CD process.
Patching timelines are as follows:
Critical: 14–30 days
High: 14–30 days
Medium: 45–90 days
Low: 90–180 days
Internal Systems Auditing
Salad maintains a formal Audit Policy governing application events, system events, hardware events, and physical access. This includes the what, when, and where of the event, its source, its object, its outcome, and the person associated with it.
Salad’s architecture consists of multiple layers of data security including a DMZ, bastion hosts, and iptables.
Salad’s Site Reliability, Support, and Engineering teams are globally distributed, and available in multiple time zones.
Salad executes compute workloads in isolated virtual machine sandboxes that are destroyed after each use.
All data in transit is encrypted via TLS and SSH.
Environment Variable Encryption
Environment variables are encrypted at rest and in transit, and injected into the runtime environment at the start of a job. All sensitive secrets such as keys, tokens, and other credentials should be stored as environment variables within Salad.
Salad maintains a Data Backup and Snapshot Policy that requires restoration within common industry timelines.
The Software Development Lifecycle Policy dictates delivery, review, and merge processes to minimize rollbacks, downtime, design flaws, and security incidents.
Salad employs a team of Engineers to ensure that the security layers of the Salad application are maintained.
OWASP Top 10
Salad's web application is designed to withstand OWASP Top 10 matters such as injections, broken authentication and session management, cross-site scripting (XSS) attacks, insecure direct object references, missing function-level access control, cross-site request forgery (CSRF), unvalidated redirects, and forwards.
Salad maintains an Incident Response Team.
Response Policy & Plan
Salad maintains an Incident Response Policy and Runbook to facilitate decision making during critical situations.
Network and security incidents are published at https://status.salad.com.