Project Re-audit Criteria

  • Code churn – X% of the overall codebase has changed since the last audit.

    • We can pull this from the Bitergia analytics platform.

  • Security code changes – security-sensitive areas of the code (e.g. APIs, identity management, crypto code) have been changed substantially or rewritten.

    • We will need to tag certain files as "security sensitive" somehow.

  • Major version change – this is a strong consideration but not an automatic trigger.

    • This will require team feedback. If the team recommends a new audit, that recommendation should be considered.

  • Large number of security bug reports – X or more medium- and high-severity security bugs reported within a short window (e.g. three months) suggest there are more to be found, and should make us consider hiring professionals to find the rest.

    • These stats can be pulled from the HackerOne platform.
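The three criteria that can be checked mechanically (code churn, changes in security-sensitive paths, and the rate of medium/high bug reports) can be scripted. The following is an added example, not the project's own tooling: it assumes the codebase is a git repository tagged at the last audit, that "security sensitive" files are tagged by a hypothetical list of path globs kept under version control, and that the bug-tracker export can be reduced to (date filed, severity) pairs. The thresholds are placeholders for the "X" values the criteria leave open, and the sample numstat output and report list are constructed for the example.

```python
"""Mechanical checks for the re-audit criteria.  Added example, not project code.
Assumes: git repo tagged at the last audit, a hypothetical sensitive-path glob
list, and a (date, severity) view of the bug tracker.  Thresholds are placeholders."""
import fnmatch
import subprocess
from dataclasses import dataclass
from datetime import date, timedelta

# Placeholder thresholds; the criteria above leave the actual "X" values open.
CHURN_THRESHOLD = 0.30          # >= 30% of baseline lines changed
SENSITIVE_LINE_THRESHOLD = 200  # >= 200 changed lines in sensitive paths
BUG_COUNT_THRESHOLD = 5         # >= 5 medium/high reports in the window
BUG_WINDOW_DAYS = 90

# Hypothetical "security sensitive" tagging: path globs kept under version
# control so that edits to the list itself show up in code review.
SENSITIVE_GLOBS = ["src/api/*", "src/auth/*", "src/crypto/*"]


@dataclass
class FileChange:
    path: str
    added: int
    deleted: int

    @property
    def lines(self) -> int:
        return self.added + self.deleted


def parse_numstat(text: str) -> list:
    """Parse `git diff --numstat` output: '<added>\\t<deleted>\\t<path>' per line.
    Binary files report '-' for both counts; keep the path with 0 lines so a
    changed binary inside a sensitive directory is still visible."""
    changes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        added, deleted, path = line.split("\t", 2)
        changes.append(FileChange(path,
                                  0 if added == "-" else int(added),
                                  0 if deleted == "-" else int(deleted)))
    return changes


def git_numstat(last_audit_ref: str, repo: str = ".") -> list:
    """Live variant: everything changed between the last-audit tag and HEAD."""
    out = subprocess.run(
        ["git", "-C", repo, "diff", "--numstat", f"{last_audit_ref}..HEAD"],
        check=True, capture_output=True, text=True).stdout
    return parse_numstat(out)


def churn_ratio(changes: list, baseline_lines: int) -> float:
    """Changed lines as a fraction of the tree size at the last audit.
    Use the baseline size, not HEAD's, or a large addition undercounts itself."""
    if baseline_lines <= 0:
        raise ValueError("baseline_lines must be positive")
    return sum(c.lines for c in changes) / baseline_lines


def sensitive_changes(changes: list, globs=SENSITIVE_GLOBS) -> list:
    """Changes whose path matches any sensitive glob."""
    return [c for c in changes if any(fnmatch.fnmatch(c.path, g) for g in globs)]


def recent_severe_reports(reports: list, today: date,
                          window_days: int = BUG_WINDOW_DAYS) -> int:
    """Count medium/high reports filed within the last window_days."""
    cutoff = today - timedelta(days=window_days)
    return sum(1 for filed, sev in reports
               if filed >= cutoff and sev.lower() in ("medium", "high"))


def reaudit_reasons(changes: list, baseline_lines: int,
                    reports: list, today: date) -> list:
    """Return the triggered criteria; empty means no mechanical trigger.
    The major-version criterion is a team judgement and is not scored here."""
    reasons = []
    ratio = churn_ratio(changes, baseline_lines)
    if ratio >= CHURN_THRESHOLD:
        reasons.append(f"code churn {ratio:.0%} >= {CHURN_THRESHOLD:.0%}")
    sens_lines = sum(c.lines for c in sensitive_changes(changes))
    if sens_lines >= SENSITIVE_LINE_THRESHOLD:
        reasons.append(f"{sens_lines} lines changed in security-sensitive paths")
    n = recent_severe_reports(reports, today)
    if n >= BUG_COUNT_THRESHOLD:
        reasons.append(f"{n} medium/high reports in {BUG_WINDOW_DAYS} days")
    return reasons


# Constructed sample standing in for `git diff --numstat <last-audit-tag>..HEAD`.
SAMPLE_NUMSTAT = (
    "120\t40\tsrc/auth/session.py\n"
    "300\t250\tsrc/crypto/kdf.py\n"
    "15\t3\tsrc/ui/menu.py\n"
    "-\t-\tdocs/logo.png\n"
)
# Constructed sample tracker export: (date filed, severity).
SAMPLE_REPORTS = [(date(2024, 5, 2), "high"), (date(2024, 5, 20), "medium"),
                  (date(2024, 6, 1), "low"), (date(2024, 1, 10), "high")]
SAMPLE_TODAY = date(2024, 6, 15)

if __name__ == "__main__":
    for r in reaudit_reasons(parse_numstat(SAMPLE_NUMSTAT), 10_000,
                             SAMPLE_REPORTS, SAMPLE_TODAY):
        print("re-audit trigger:", r)
```

On the sample input only the sensitive-path criterion fires (710 of 728 changed lines sit under src/auth and src/crypto), which is the case the churn percentage alone would miss: 7% overall churn looks benign until you see where it landed. The baseline size should be measured at the last-audit tag, since dividing by the current tree size lets a large rewrite shrink its own percentage.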