something i like about @electisec audits: findings are tracked as github issues. giving devs + auditors a discussion thread and history for each item. this is far more convenient and collaborative than other engagements i've had which involve managing pdfs or Word documents.

另一个不错的细节是每个项目都有一个“推荐修复”部分。 偶尔你会看到一种相当有创意的方法，展示审计员对代码库的深刻考虑。