You should never see an audit as a failure, regardless of the leaderboard or the money not earned.
If you truly invested time and focus into understanding the protocol and searching for issues, you’ve already gained a lot.
Knowledge compounds, and the results will follow.
There are plenty of examples out there. Don't give up!
Incredibly sad to see the champ winding down its operations.
What a day for the web3 security community.
Like many other SRs, it was the first platform I competed on, and I will always be grateful for the opportunity. 🥺🙏
We all need to take a moment and give our appreciation to the pioneers of decentralized security audits. I personally owe much of my success to the opportunities they've created. In the face of competition it continued to stay faithful to its policies and treated researchers fairly, even if it meant losing business.
It is true that in recent times C4 has become a shadow of what it once was, for various reasons. But I'll remember them for the epic competitions, intellectual judgment discussions and friends made on the way.
On the business side, this is part of the phase-out of crowd audits, which are no longer feasible to run with AI submissions. For years the gig has stopped being profitable and has been used for customer acquisition and upsell potential, but now it's official. Security is already converging to multiple AI passes followed by A-tier team audit(s) for finding outliers, and a bounty program as last defense.
So long, C4. You will be missed. 🐺
It’s 10 years in the future. Claude is down. DevOps can’t fix it because they don't have Claude. They track down an old homeless man, the one who lost everything because he refused to use AI. He’s the only one left who remembers what an if statement is.
He refuses to help.
We are advocating that security should never have been outsourced in the first place, but instead built in from the very beginning.
But now we’re supposed to hand it over completely to AI agents?
Come on, give me a break...
Being a programmer in the early 90s was great.
Then they invented help files which meant no more browsing manuals for hours.
Can you imagine? Half of all coding jobs died right there.
Then OO made code reuse too easy and you could write in a few weeks what used to take months.
Then Java had strong typing and GC, it got rid of most bugs -- no more hours figuring out a segfault -- we didn't even need QA guys! It all just worked!
Coding was too easy.
Then they fucking invented Python and made it even easier!
Even biologists started coding for fs sake. Biologists! Can you believe that!?!
Who would hire a programmer when even a biologist can write scripts in minutes -- without spending years understanding microcode and nand gates!?!
You could just go to this web thingy and read like a 10 page tutorial and start coding.
It was too much, it wasn't coding. Not the way I learned to love coding.
I quit.
I'm glad I did.
By the year 2005, 1,000% of programmers had been fired and that's why nobody makes money as a coder today.
There's a lesson here.
Let's all give up bc we know when knowledge work gets easier they always fire everyone. Always. Never fails. Not a single time.
At least the government started giving everyone a hundred dollars a week in 1999 or we all would have starved to death.
Sometimes I feel like we keep sharing resources, education, and other things, but only within our very closed circle.
We’re also constantly fighting, competing, and posting bullshit marketing content when, truth be told, nobody outside that circle really cares.
Also, everyone has an opinion, and we keep debating endlessly.
The list goes on and it’s becoming tiresome.
I get where you are coming from, but from my experience this is a wrong take
If a founder is surprised by the cost of an audit right before going live, it’s usually a sign they don’t understand that security is inherently part of their product. You have to design sustainability and profit with security costs in mind
There are also a ton of levers teams can use (reduced scope, internal security, grants / DAO programs, etc), but they need to be considered strategically and ahead of time, not at the last minute
For example, you can spread the cost by first releasing a minimal set of features with reduced complexity, get the first audits paid via a DAO, and wait for more funding or market validation before building something more complex. And again it's a founder's responsibility to think about all of that
What you’re describing (fast iteration without security considerations) is actually closer to what we had a few years ago, and the result was a lot of hacks, people losing funds, and a ton of mistrust in the industry
So if users ask for audits it's because the stakes are high and history taught them to, not because security researchers force teams to do it. There are a lot of bad actors that exploit the mistakes made by teams that ship too fast, and they are responsible for the ask about audits, not the other way around
And also, yes, security researchers are costly. But it's hard to get and maintain the skills needed, and it's not a job for everyone