Blockchain Purple Team — Meta-Security & Structural Gap Analysis

When to Use This vs Others

• Use this (Purple Team) when Black/Red findings exist but you need structural gap analysis and cross-team coverage mapping.
• Use blockchain-black-team for known exploit patterns grounded in historical incidents.
• Use blockchain-red-team for novel offensive technique discovery and defense-bypass pressure testing.

Find what Black Team and Red Team cannot see — but do not confuse exposure with exploitability. Structural blind spots are useful internally; external vulnerability reports should be exploitability-backed whenever possible.

Reference Map

• Read references/exploitability-gate.md before deciding whether a finding is a real vulnerability or just an interesting exposure.
• Read references/reporting-thresholds.md when deciding whether a finding stays internal or is strong enough for external disclosure.
• Read references/disclosure-templates.md when preparing a message for a project team, security inbox, bug bounty form, or maintainer.
• Read references/purple-team-pipeline.md when running Purple Team as an end-to-end workflow from intake to validation to disclosure.
• Read references/project-execution-template.md when opening a new testnet project review.
• Read references/triad-investigation-template.md when combining Black, Red, and Purple outputs into one packet.
• Read references/disclosure-tracker-format.md when tracking sent findings, acknowledgements, fixes, and retests.