Before talking to any auditing team, please ask yourself the questions below, so that auditors can meet the request in the best way. It is useful to not only the Secure3 team and auditor community but also other responsible auditing firms as well.
What is the project's general architectural structure and system design?
What are the roles in the product and the use cases and workflow for each role?
Which function's or module's attack vector do you have the most concern about?
Which parts of the system that you want the auditors to focus on?
What is the trust setup of the system? Should all centralized roles and components be trusted?
List all the vulnerabilities that are not accepted or already known to the team.
Is there any other information or docs the auditor should know?
Last updated 8 months ago