Johnathon Claudius

There's folks out there now offering tools like Octane, for example, recently won one of the Monad contest winners.

So like I think stuff like that is definitely very interesting to consider.

They have a lower cost entry point.

But yeah, I would suggest anything like that, basically getting them to a much better starting position and not have the first time you're thinking about security, the time you're about to spend a lot of money.

Yeah, I think so.

Like, so on the policy layer for like admins, like,

The ones I mentioned are actually quite high value, like branch protection and using security keys on GitHub.

I think integrating strong linters, static analysis tools, as well as AI tooling in your code flow is also very valuable.

Seeing folks using Coder Rabbit or Codex or Copilot in the PR review process, it's

quite helpful, especially for small teams that are trying to build.

There might not be enough people in the company to review your code.

You might be just, yeah, you might take a section of the code.

I might take a section of code.

We agree on the API and we run off into our own adventure to try and build those pieces out.

So I think it's really helpful to at least have a feedback mechanism that's happening throughout the day.

I'm a big fan of linting as it is because I think if you're building idiomatic code, it's going to be easier to review.

It means that an auditor is going to have a pretty good framing of understanding the tooling.

A lot of the static analysis tooling will work a bit better if you use idiomatic code, as well as some of the LLMs and or the human review of that code.

Yeah.

Yeah, it's pretty, pretty straightforward thing.