For years, the founders of some security companies have never discovered any original vulnerabilities or written any in-depth, hardcore technical analysis. Their releases serve purely to pander to newbies, create an air of mystery, and drive marketing. Just how much technical expertise and capability can such companies possess?
I believe that when choosing a security firm, web3 project teams should thoroughly analyze the founder's background, the number of original technical analyses they have produced, and the types of vulnerabilities they have discovered, rather than simply focusing on brand size or reputation.
However, a strange phenomenon currently exists in the web3 industry: many teams, when selecting security audits, choose well-known firms to cater to their users or enhance their brand, without much regard for the quality of the audits and whether they truly address security issues.
I believe the entire industry urgently needs to address this issue. We should encourage and support teams that truly dedicate themselves to the work and research security technology, and avoid hype and exaggeration.