While I was at PKC, our team did upwards of twenty code audits, many of them for startups that were just around their Series A or B (that was usually when they had cash and realized that itd be good to take a deeper look at their security, after the do-or-die focus on product market fit).

Source: Learnings from 5 years of tech startup code audits - Ken Kantzer’s Blog

Some decent takeaways.