1. šŸ The audit process starts with a brief meetingā€”aka the Kick-off Callā€” between the auditing team and at least one lead developer from your project.

    <aside> ā„¹ļø Besides getting to know each other, this call is important for us to build context on your project so we can find deeper issues. Weā€™ll also verify the auditā€™s scope and clarify your communication preferences during the audit.

    </aside>

  2. šŸ” Our auditors will then begin a detailed analysis of your codebase. They may reach out with batched questions and will provide regular updates based on your communication preferences. If youā€™d like, we can also immediately notify you of any significant issues (high, critical) we find rather than waiting to share them in the preliminary report.

    <aside> šŸ“Œ Prepare to respond promptly to our team during the audit. We work hard to thoroughly vet any questions we have before presenting them to you, and your replies will help us conduct the most effective audit possible.

    </aside>

    <aside> ā„¹ļø We also encourage you to ask questions, clarify possible ambiguities, and schedule calls with us as needed throughout the audit.

    </aside>

    <aside> ā„¹ļø We often create a ā€œLive Reportā€ for longer audits where we report important issues as we find them. You can work on issues fixes as we report them, but we only review fixes after issuing the preliminary report with another code freeze commit hash.

    </aside>

  3. šŸ“¢ Please inform us immediately if you must change your code after the audit starts. Since we will be auditing the specific commit hash you provided at the start of the audit, we will not be aware of any new changes made after this point. Changes after the audit starts can be a significant security concern since they could introduce new issues within the scope of the audit, but we would not know to review the the changed code.

    <aside> ā€¼ļø We will do our best to accommodate your needs within the scheduled audit with. However, changes that significantly impact the scope of the audit may require additional audit time and increase the final price.

    </aside>

Previous:

Before the Audit

Next:

After the Audit