Ask HN: Security audit for startup / OSS projects

15 points by tommoor ↗ HN
I run a startup whose code is public and I'd like to have the code audited for vulnerabilities, does anyone know of services that exist to do this that aren't enterprise focused? Even HackerOne has gone full-enterprise in recent years, but it's not only large companies that need these services.

9 comments

[ 1.6 ms ] story [ 27.6 ms ] thread
Check out a company which audited TrueCrypt.
(comment deleted)
You can find indy security people on Upwork.

But really if you have a ci cd pipeline you should look at automating a lot of this. Devsecops.

If you post a link and I get time I can take a look.

Ask on the infosec.exchange mastodon. There are plenty folks there contracting.