HACKER Q&A
📣 tommoor

Security audit for startup / OSS projects


I run a startup whose code is public and I'd like to have the code audited for vulnerabilities. Does anyone know of services that exist to do this that aren't enterprise-focused? Even HackerOne has gone full-enterprise in recent years, but it's not only large companies that need these services.


  👤 Vignesh_Vault Accepted Answer ✓
https://vaultinfosec.com/contact.php

We are a young, energetic team who have already done secure code review for many startups.


👤 ianpurton
You can find indie security people on Upwork.

But really, if you have a CI/CD pipeline, you should look at automating a lot of this. DevSecOps.

If you post a link and I get time I can take a look.



👤 reedloden
https://www.hackerone.com/company/open-source-community

HackerOne has a free offering for open source projects. ^^

Let me know if you have any questions (I manage it). :-)



👤 tubularhells
Ask on the infosec.exchange Mastodon. There are plenty of folks there contracting.

👤 fsflover
Check out a company which audited TrueCrypt.