Category: Security

81765

Views

Points

Comments

While I was at PKC, our team did upwards of twenty code audits, many of them for startups that were just around their Series A or B (that was usually when they had cash and realized that it’d be good to take a deeper look at their security, after the do-or-die focus on product market fit).

It was fascinating work – we dove deep on a great cross-section of stacks and architectures, across a wide variety of domains. We found all sorts of security issues, ranging from catastrophic to just plain interesting. And we also had a chance to chat with senior engineering leadership and CTOs more generally about the engineering and product challenges they were facing as they were just starting to scale.

It’s also been fascinating to see which of those startups have done well and which have faded, now that some of those audits are 7-8 years ago.

This is one in a series of deeper-dives into various Learnings from 5 years of tech startup code audits. In that article, I list several observations I had during the course of doing code audits fro 20-30 tech startups at or around the Series A / B mark.

Security seems to be on the up-and-up, despite all the bad news you hear in the media. What’s driven this improvement? Well, frameworks, cloud infrastructure, and the big cloud platforms have been hard at work creating the ”pit of success” — places where users just fall into being secure rather than having to fight to be secure — as a way to discourage the most severe security practices has by and large been an enormous success. This article is about our on-the-ground observations of these success stories.

We started doing code audits in 2014.