It will be a short rant of how client often sees auditors and treats auditors. I won't go. Into details what goes into a good preparation of the audit as I already covered that in another article, but now I will discuss how cooperation between client and the auditor should look like.
It should be in the best interest of you to help the auditor in any way possible. You should have prepared all the documentation and technical details before handing out the code for an audit. Code itself is not often enough. We need to have a broader overview (at least I do) of the system and what you intend to create/provide to the community.
It's my responsibility to do the best of what I can to find any bugs and illogical steps in your protocol. Still, it should be on your priority list too. After all, it's your product, not mine.
As I said before, an audit is not a silver bullet for all security issues; it's merely a very comprehensive code review and sanity check for your code. All responsibility is still on your side, and the audit report should not guarantee bug-free code. It only means it was checked and verified by the professionals. It doesn't mean there won't be any security issues as no code is 100% bug-free (maybe except hello world).
So when I hear snarky comments when I ask for additional documentation or explanation of the code parts, I get irritated, and I don't think the protocol is in good hands. I'm here to help you, no need to get all defensive and bossy because I dared to ask for more materials from you. That's just my personal opinion.
That's it. Nothing more to add. A small rant of things I needed to put out of my systems when dealing with the clients for the past few weeks.
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I'm currently in the middle of 100 days of blogging challenge. Subscription box below 👇
If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.
See you tomorrow!
I know this post is few minutes after midnight, but I was on a date with my wife and didn't manage to write this post on time. So today I will publish another one so the number of posts will be correct. I hope you understand this (I do!).