There is also DeFiSafety, which is a platform that ranks DeFi projects based on specific quality metrics - see their Process Quality Review Process (PQRs). A publicly available list of scores can be found here.
This sort of effort is a great way to push projects towards better security; if a project gets a low score, it is just bad PR. In a way, the incentives are there. CertiK also has a score system, but it is less clear to me how they achieve scores.
While the PQRs from DeFiSafety are by no means a bulletproof standard (and in all honesty, no standard will ever meet that level), they have great benefits:
- it comes from a neutral entity that has no financial incentive to increase/decrease scores;
- scores are verifiable, as items have clear guidelines on how to be evaluated;
- reports are publicly available.
Standards, IMHO, will organically start to happen from initiatives such as DeFiSafety; others will likely be imposed by central platforms (e.g., token security in exchanges); some will be pushed by auditing firms, as projects comply with practices set by auditing firms as a prerequisite for acceptable security levels. Following a bottom-up approach, eventually, the community will converge on what is acceptable from a security standpoint and what is not.