We do not publish
our audit list.
This is a deliberate choice. Here is why.
Most of our clients request confidentiality as a baseline condition. Publishing an audit registry — even with client consent — creates implicit pressure on those who do not consent to explain their absence. We removed that pressure entirely.
Knowing which protocols have been audited, and by whom, helps attackers prioritize targets. An audit report is a detailed map of a protocol's architecture. We do not hand that map to anyone who was not meant to have it.
Zero post-audit exploits. That number does not require a list to be meaningful. If it did, it would not be meaningful.
Each completed audit is delivered with a non-guessable, non-indexed URL. You share it with your investors, your legal counsel, your board — no one else can find it. The report exists on the internet; it just cannot be discovered by anyone who was not given the link.
"The firms that publish the longest public audit list are often the ones who completed the most audits quickly. We would rather complete fewer audits carefully."
If you received an audit URL from us and need to re-access it, contact us directly. If you are evaluating us as an audit partner and want references, we can arrange client introductions under NDA.