Independent Audit Demands

Users repeatedly question the existence, independence, quality, and public availability of third-party audits for a specific software, system, or company, expressing skepticism about attestations and calling for verifiable audit reports.

📉 Falling 0.5x Security

4,300

Comments

Years Active

Top Authors

#2371

Topic ID

Activity Over Time

2008

2009

2010

2011

2012

2013

127

2014

138

2015

109

2016

177

2017

182

2018

367

2019

247

2020

422

2021

413

2022

596

2023

489

2024

364

2025

476

2026

Top Contributors

tptacek (44) jacquesm (27) hef19898 (24) Spooky23 (20) tialaramex (19)

Keywords

defensenews.com PCI US ycombinator.com NS DSS thenation.com audit audits audited pentagon compliance auditing findings assessment independent fraud

Sample Comments

HPsquared • Apr 15, 2023 • View on HN

Maybe we need someone to audit the audit.

aydyn • Aug 18, 2023 • View on HN

Surely they could have an audit/attestation by 3rd party?

CameronNemo • Jul 14, 2021 • View on HN

Don't they also usually care if they can audit it?

sillysaurus3 • Nov 26, 2017 • View on HN

Relevant: https://news.ycombinator.com/item?id=14825508it's an industry secret that one of the reasons you do an audit is so you don't have to publish the "real" findings

nieve • Aug 12, 2021 • View on HN

Is there any sign of a real audit or are they just hand-waving it and telling us to trust them?

tptacek • Mar 24, 2024 • View on HN

Seems like the wrong question. Rather: if it's easily auditable, who's audited it so far?

bluGill • Feb 26, 2024 • View on HN

Good idea, but you need to audit your auditors.

na85 • May 18, 2018 • View on HN

Audited by whom? Where are their findings?

greatsage • Nov 18, 2016 • View on HN

Is there an audit document for this?

midislack • May 29, 2022 • View on HN

Have there been independent audits of it?