Before you get started...
- Before you get an audit, you should ideally do some preliminary checks yourself. This saves time and money, as we’d be doing that first anyway. Check our open source best security practices guide here on GitHub.
- The cost of an audit varies, but it’s typically tied to the complexity, man hours, and type of audit (e.g. is there complex cryptography involved? Does it have lots of integrated parts? How much testing has already been done?). As initial audits could range anywhere from $30k to $200k, we have helped many projects raise funds and source sponsors to cover the entire cost or to split it.
- An audit isn’t just a single process or service; it’s a relationship with auditors that leads to discoveries and improved processes now and in the future. This means recurring audits would ideally find fewer vulnerabilities, and future updates would be written more securely based on learned experience.
- The most critical step of any audit is reaching out to talk to us about what you actually need and how we can help. Even if you don’t end up doing a full audit, we still want to hear from you about what you’re working on, give any advice we can, and help you find the resources you need.
How does it work?
01 Audit
OSTIF manages the audit from start to finish. We source bids and build the best team to do the work. An in-depth source code analysis and logic review is done, resulting in bug fixes and improvements to functionality and security.
02 Publish
After all fixes and improvements have been made to the software, we publish the results of the audit.
Reach out to us!
Let’s have a discussion; we’d love to hear about your project.