Security systems already record many things. Logs capture events. Configuration history records system state. Monitoring systems produce signals. These records are essential for understanding what happened in a system. But during incident investigations I kept encountering a simple question: What did the system claim it was responsible for observing at that time? Surprisingly, most systems cannot answer this. Existing Evidence Layers Modern infrastructure already produces several layers of evidence. Logs → what happened Configuration history → what existed Monitoring systems → signals and alerts These records help reconstruct events and system state. But none of them preserve something important: what the system declared it was responsible for observing. Security systems already produce several layers of evidence. Existing records capture events and system state. SILENT records declared responsibility boundaries. The Problem During Investigations Should the system have detected this? But answering that question is harder than it sounds. Systems evolve. Monitoring coverage changes. Responsibilities shift across teams and platforms. When looking back after an incident, the perceived scope of responsibility can easily expand. Responsibility Drift This creates a subtle problem. After an incident, people often reconstruct what the system should have been responsible for. But without a record of what was declared at the time, the boundary can move. Responsibility becomes a moving target. A Simple Idea This led me to explore a small idea: What if systems recorded the responsibility boundaries they declare? Instead of recording events or system state, a system could record: what it declared it was responsible for observing at a specific moment in time. Not whether the declaration was correct. Just that the declaration existed. SILENT I call this concept SILENT. SILENT defines a minimal specification for recording declared responsibility boundaries. A SILENT certificate records: what the system claimed it was responsible for observing what was explicitly outside that scope when that declaration was made The goal is simple. SILENT fixes the declared responsibility boundary at the time it was stated, so the scope of responsibility cannot expand later during incident or audit investigations. SILENT proves scope, not reality. What SILENT Is Not SILENT intentionally does not: detect vulnerabilities assess security posture enforce policies generate alerts It is not a monitoring system or a security scanner. It simply records declared responsibility boundaries. If you're interested The concept and specification are available here: oh-security / silent SILENT Keep the line of responsibility. Responsibility boundary certificates for systems. SILENT defines a minimal specification for recording declared responsibility boundaries. SILENT records what a system declared it was responsible for observing at a specific moment in time. Logs record what happened. Configuration history records what existed. SILENT records responsibility boundaries. SILENT proves scope, not reality. SILENT in 30 seconds A system declares what it is responsible for observing. SILENT records that declared boundary. If an incident occurs later, the certificate shows what the system said it was responsible for at that time. SILENT records declared responsibility boundaries, not system reality. What SILENT Does SILENT generates a single immutable certificate describing: what a system claimed it was responsible for observing what was explicitly outside that responsibility when that responsibility boundary was declared The certificate preserves the declared observation boundary that existed at that moment in time. This record can… View on GitHub Originally published Originally published on Medium.