State of Audits.md

Web3 projects seem to increasingly rely on external audits as a stamp of security approval. This is typically justified by the lack of sufficient in-house security expertise. While the optics of this approach seem to falsely convince speculators, it is untenable for several reasons:

  1. Audits currently are very expensive because demand is much greater than supply for top-rated audit teams that have the experience and reputation to analyze complex projects

  2. Audits are typically commissioned once at the end of project development just before production release

  3. Upgrades to projects go unaudited for commercial or logistical reasons

  4. The expectation (from the project team and users) is that audits are a panacea for all vulnerabilities and that the project is “bug-free” after a short audit (typically a few weeks)


Slide Screenshot

101.jpg


Slide Text

  • External Assessment
  • Security Assessment X -> Stamp of approval
  • In-house X -> Expertise
  • External Audit Firms
  • Unreal expectations
  • Very expensive
  • Demand >> Supply
  • Increase/Train Auditors
