Hacker News new | past | comments | ask | show | jobs | submit login

No, that's the whole point of having an auditor, so that you can have some grounds for placing trust in a system without having to trust the provider or having to audit the product yourself.



I think I'm thinking of security audit, while you're thinking about regulation/fiscal audit. Not sure what GP was talking about.


No, I was referring to a security audit.


Then no it doesn't work like that. (I do security audits for a living btw and happen to have audited many e2e encrypted messaging apps.)


There is more than one kind of security audit. The kind you do looks at the code and determines if it contains bugs. The kind I'm talking about looks at what is being served by a server and determines if it conforms to published invariants. (I hire security auditors for a living ;-)

[UPDATE] Now that I think about it some more, I guess that kind of auditor is analogous to a financial auditor, as you said. I didn't really make that connection before because the nature of the work is very different, but it's a fair analogy.

[UPDATE2] Looking back at your previous comment I see that the word "regulation" is in there. I'm not sure if you edited your comment or if I just missed it before, but my recollection of reading that comment is that it said "financial audit". Either way, I apologize for the misunderstanding and subsequent confusion.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: