Tips for approaching audit companies

1. Choose Your Auditors Wisely

Audit companies often assign auditors who are available at the time, but this might not always align with your project's specific needs. It's essential to inquire about the auditors who will be assigned to your project, including their expertise and experience. Ensure that the team assigned to you has the right skill set for your project's complexity and requirements. Don't hesitate to ask for profiles or resumes of the auditors; you want to ensure you're not paying a premium price for junior auditors without the depth of experience you're expecting.

2. Understand the Pricing Mechanism

Knowing how audit companies price their services can save you from overpaying. A senior researcher with a few years of experience and a proven track record might cost between $10,000 and $20,000 per week. Let's consider the middle rate of $15,000 for a senior researcher, and for a junior researcher, about $3,000. Adding these together gives you $18,000. Audit companies typically add a margin for their services, which can be around 30%, bringing the total to approximately $23,400 for a one-week engagement with two auditors. Understanding these figures can help you negotiate better and avoid paying excessively for brand premiums or for more resources than your project requires. As we all know, some companies take a 60-90% share and only pay a partial amount to their auditors. This should not happen, as you pay primarily for security and not for marketing (I sincerely hope you do; if not, you can already ignore the rest of the post).

Of course there are exceptions: if you need urgent services, you can sometimes expect a premium of 2-4x. On the other hand, there are also great auditors who offer their services for less in an effort to build a brand. If you are interested in the latter, feel free to shoot me a DM, I may help there.

3. Be Aware of Deadlines and Availability

The demand for skilled security researchers often exceeds supply, meaning that the best in the field are usually booked well in advance. If an audit company offers you an immediate start, it's crucial to question why. Are the assigned researchers truly skilled and experienced? Or might you be getting less experienced auditors due to availability? Understanding the scheduling and availability of auditors can give you insights into the quality of the audit team you're being assigned.

Benefits of a partnership with a security researcher (SR):

Having a seasoned security researcher as a partner can significantly streamline the process of engaging with audit companies. They can leverage their industry connections and knowledge to identify the best auditors for your project, negotiate fair prices, and ensure that timelines are realistic and beneficial for your project's needs. This partnership can not only save you money and stress but also ensure that your contracts are thoroughly secured by top-notch professionals. I have personally already experienced exactly this benefit for a project. Without these connections, this audit would not have happened in that constellation.

Security audits are a non-negotiable aspect of developing secure blockchain projects. By carefully selecting your audit company, understanding their pricing structure, and being aware of their scheduling constraints, you can ensure a more effective, efficient, and cost-effective audit process. Remember, the goal is not just to find any auditor but to find the right auditor who brings value, expertise, and peace of mind to your project.