Competitive vs Private Audits
Be sure to read on
Competitive and private audits have different value props.
Differences
Feature | Competitive audit | Private audit |
---|---|---|
Cost | Slightly more expensive | Cheaper |
Number of auditors | Hundreds | 1 - 5 |
How many bugs do they find? | See below | See below |
Personal feedback | Less | More |
Who are the auditors? | You don't know | You know |
Similarities
- Duration of audit depends on code length
Which one is better?
Competitive audits have potentially hundreds of auditors looking at your codebase to find bugs. But not all auditors are the same. As of right now, it's hard to say which one is better; it's more that they are just different.
We will be monitoring the differences between the two as the project grows.
Ideally, you do both!
How many bugs do they find?
We are still seeing results from competitive and private audits, but at the moment, they are both seen as effective methods for finding issues.
You can think of a private or direct audit as more of a "consultation" where you can ask questions and get feedback on your codebase.
A competitive audit, by contrast, is a "firehose" approach to finding issues in a codebase.