The Least Authority team reached a notable milestone this month, completing our 100th security audit with the publication of the Clorio Wallet + Mina Ledger JS audit report, funded by the Mina Foundation.
Security audits are a key component of Least Authority’s security consulting services. They represent a significant part of our overarching efforts to advance digital security and preserve privacy as a fundamental human right. “Security is not absolute, but relative,” explains Least Authority’s CEO, Liz Steininger. “We see our work on our security audits as more than just consulting as a service — we believe it is a way to contribute to a broader community and a larger movement within the tech industry.”
Core to Least Authority’s ethos and mission is the belief that new technologies, particularly the decentralized and privacy enhancing technologies (PETs) that form the majority of our security consulting work, can play a key role in advancing and mainstreaming values of privacy and security. Through our audits and other security consulting work, we help teams improve the security of their projects.
In addition to contributing to the advancement of the technologies that our team reviews, security audits benefit the users and communities who utilize them, which is an important and key consideration for us in our pursuit of offering security consulting services.
The impact of Least Authority’s security audits are amplified when they are published, as it allows the sharing of lessons learned among the community, contributes to more robust security systems, and reinforces security best practices. While we don’t require that our clients publish audit reports (the teams we work with publish reports at their discretion), we are strong proponents of transparency and encourage them to do so. “We are proud of our contributions to make individual systems more secure for their stakeholders through our audits and the progression of the knowledge of the security industry through our publishing of reports,” adds Steininger.
We are very pleased that out of the 100 audits Least Authority has completed since 2014, 66 project teams have chosen to publish the reports. Of these, 20 were published in 2020 and 21 have been published so far in 2021.
Focus on the Future: Pro Bono Security Audit Program
Least Authority continues to work to find optimal ways to be proponents of privacy in technology through security consulting work, research, and ongoing involvement and advocacy in our communities.
As part of this effort, Least Authority will launch a program offering pro bono (free) security audits and consulting time to projects that align with our values and have particular needs for our expertise despite facing limited resources and constraints. The program, details of which will be released in the coming months, is for PETs built or maintained by teams that face budget constraints, yet have stakeholders that would benefit significantly from reduced security risks. We hope that our pro bono program can be complementary to the existing, but limited, third-party funding options that are currently offered. This program will be an experiment for us and we’re happy to hear from anyone in the security community who is interested in partnering with us to make increased security and security due diligence more accessible to projects with limited resources (get in touch at email@example.com).
Moving forward, we will continue to champion PETs and focus on contributing to the development of decentralized systems that prioritize the security and privacy of technology users.
To be notified about the Pro Bono Audit program and to stay updated with Least Authority’s work, consider subscribing to our newsletter. If you would like to learn more about our security consulting work or are interested in joining our team, we invite you to explore our published audits and get in touch: firstname.lastname@example.org