Ask HN: Security audit for startup / OSS projects
15 points by tommoor on Dec 23, 2020 | 8 comments
I run a startup whose code is public and I'd like to have the code audited for vulnerabilities. Does anyone know of services that exist to do this that aren't enterprise focused? Even HackerOne has gone full-enterprise in recent years, but it's not only large companies that need these services.


https://vaultinfosec.com/contact.php

We are a young, energetic team who have already done secure code review for many startups.


You can find indie security people on Upwork.

But really if you have a CI/CD pipeline you should look at automating a lot of this. DevSecOps.

If you post a link and I get time I can take a look.



https://www.hackerone.com/company/open-source-community

HackerOne has a free offering for open source projects. ^^

Let me know if you have any questions (I manage it). :-)


Thanks, unfortunately we're using BSL in order to monetize; it's not an OSI license.



Ask on the infosec.exchange Mastodon. There are plenty of folks there contracting.


Check out a company which audited TrueCrypt.



