Audit companies often assign auditors whoare available at the time, but this might not always align with your project'sspecific needs. It's essential to inquire about the auditors who will beassigned to your project, including their expertise and experience. Ensure thatthe team assigned to you has the right skill set for your project's complexityand requirements. Don't hesitate to ask for profiles or resumes of theauditors; you want to ensure you're not paying a premium price for juniorauditors without the depth of experience you're expecting.
Knowing how audit companies price theirservices can save you from overpaying. A senior researcher with a few years ofexperience and a proven track record might cost between $10,000 to $20,000 perweek. Let's consider a the middle rate of $15,00 for a senior researcher, andfor a junior researcher, about $3,000. Adding these together gives you $18,000.Audit companies typically add a margin for their services, which can be around30%, bringing the total to approximately $23,400 for a one week engagement fromtwo auditors. Understanding these figures can help you negotiate better andavoid paying excessively for brand premiums or for more resources than yourproject requires. As we all know some companies take 60-90% share and only paya partial amount to their auditors. This is nothing which should happen as youpay primarily for security and not for marketing (I sincerely hope you do, ifnot you can already ignore the rest of the post).
Of course there are exceptions, if you needurgent services then you can sometimes expect a premium of 2-4x. On the otherhand there are also great auditors that offer their services for cheaper in aneffort to build a brand. If you interested in the latter, feel free to shoot mea DM, I may help there.
The demand for skilled security researchersoften exceeds supply, meaning that the best in the field are usually bookedwell in advance. If an audit company offers you an immediate start, it'scrucial to question why. Are the assigned researchers truly skilled andexperienced? Or might you be getting less experienced auditors due toavailability? Understanding the scheduling and availability of auditors cangive you insights into the quality of the audit team you're being assigned.
Having a seasoned security researcher as apartner can significantly streamline the process of engaging with auditcompanies. They can leverage their industry connections and knowledge toidentify the best auditors for your project, negotiate fair prices, and ensurethat timelines are realistic and beneficial for your project's needs. Thispartnership can not only save you money and stress but also ensure that yourcontracts are thoroughly secured by top-notch professionals. I have personallyalready experienced exactly this benefit for a project, without theseconnections, this audit would not have happened in that constellation.
Security audits are a non-negotiable aspectof developing secure blockchain projects. By carefully selecting your auditcompany, understanding their pricing structure, and being aware of theirscheduling constraints, you can ensure a more effective, efficient, andcost-effective audit process. Remember, the goal is not just to find anyauditor but to find the right auditor who brings value, expertise, and peace ofmind to your project.
