Just found out my MVP has massive data leak risks. How often should I be auditing my dev agency?
We’re mid-build on an MVP and I wanted to QC the tech stack before making the next milestone payment. A friend in VC told me about an automated due diligence tool (Micah 6 AI Engine), so I ran our repo through it just to see what would happen.
It terrified me. The report flagged that the devs had left critical database credentials exposed and built an architecture that would crash if we scaled past 1,000 users. Because the report translated everything into plain English, I could actually take the exact files to the lead dev and demand a fix before I paid the invoice.
Problem is, I can't afford to drop $79 every time they push an update, but I can't let them think I'm taking my foot off the gas either. For those managing external teams, what's your cadence for technical due diligence? Do you just audit at major milestones?
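One way to decouple the audit cadence from a paid report is to run a small credential scan on every push, so the expensive review is reserved for milestones. The script below is an added example written for this thread, not code from the original post, from the dev agency, or from the Micah 6 tool it mentions. The regular expressions for connection URLs and password assignments, the file types scanned, and the sample config text are all constructed assumptions about how database credentials typically end up in a repo.

```python
"""Minimal hardcoded-credential scanner for a repository checkout.

Added example for this thread. The detection patterns and file-type list are
assumptions about common credential formats, not an exhaustive ruleset.
"""
import re
import tempfile
from pathlib import Path

# Ways database credentials commonly appear in source (assumed patterns).
PATTERNS = {
    # scheme://user:password@host  -> group 1 is the password
    "db_connection_url": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^:\s/]*:([^@\s]+)@",
        re.IGNORECASE,
    ),
    # DB_PASSWORD = "value" / DB_PASS: value  -> group 1 is the value
    "password_assignment": re.compile(
        r"\b(?:DB_PASS(?:WORD)?|DATABASE_PASSWORD|PGPASSWORD|MYSQL_PWD)"
        r"\s*[=:]\s*['\"]?([^'\"\s]{4,})",
        re.IGNORECASE,
    ),
}

# Values that are placeholders or env-var references, not real secrets.
SAFE_VALUE = re.compile(r"^(?:\$\{?\w+\}?|<[^>]+>|\*+|changeme|example)$", re.IGNORECASE)

SKIP_DIRS = {".git", "node_modules", "vendor", "dist", "build"}
# "" covers dotfiles such as .env, which pathlib reports with an empty suffix.
TEXT_SUFFIXES = {".py", ".js", ".ts", ".rb", ".go", ".java", ".php", ".sh",
                 ".env", ".yml", ".yaml", ".json", ".ini", ".cfg", ".toml", ""}


def scan_text(text, path="<memory>"):
    """Return one finding per line that matches a pattern with a non-placeholder value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if SAFE_VALUE.match(match.group(1)):
                continue  # e.g. "${DB_PASSWORD}" or "changeme" is not a leaked secret
            findings.append({"file": path, "line": lineno, "rule": rule})
    return findings


def scan_repo(root):
    """Walk a checkout, skipping dependency and build directories, and scan text files."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if SKIP_DIRS & set(rel.parts[:-1]) or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(rel)))
    return findings


def passes_gate(findings):
    """A CI or pre-payment gate: fail if any credential finding is present."""
    return len(findings) == 0


# Constructed sample, not from any real repository.
SAMPLE_CONFIG = """\
# settings.py (constructed sample)
DATABASE_URL = "postgres://app:Sup3rSecret@db.internal:5432/app"
DB_PASSWORD = "${DB_PASSWORD}"   # safe: references an environment variable
CACHE_URL = "redis://:hunter2@cache.internal:6379/0"
DB_PASS: "pr0d-passw0rd-2024"
DB_PASSWORD=changeme             # safe: documented placeholder
"""

if __name__ == "__main__":
    # Write the sample into a throwaway checkout and run the gate over it.
    with tempfile.TemporaryDirectory() as repo:
        (Path(repo) / "settings.py").write_text(SAMPLE_CONFIG, encoding="utf-8")
        (Path(repo) / "node_modules").mkdir()
        (Path(repo) / "node_modules" / "dep.js").write_text(SAMPLE_CONFIG, encoding="utf-8")
        results = scan_repo(repo)
        for f in results:
            print(f"{f['file']}:{f['line']} {f['rule']}")
        print("gate:", "PASS" if passes_gate(results) else "FAIL")
```

Wired into the agency's CI (or run locally on each pull of their branch), a failing gate tells you which file and line to take to the lead dev, the same way the report did, without paying per update; the paid review then becomes a milestone check rather than the only check.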