by ttyprintk 1649 days ago
What do you think of hiring maintainers to audit? Answer specific questions about usage and security, with some visibility into your codebase? We’ve talked this over and hit risks concerning access to code where we’d like an NDA that a consultant may dislike.
1 comment

Consultants sometimes dislike NDAs because, as a consultant, you are already expected not to disclose. It is strongly implied, like patient confidentiality. Airing dirty laundry or competitive advantage, as someone visiting many companies a year, is like a doctor amputating the wrong leg. You do this once, then you are out of a job and a reputation.

Risk is on your end, so you pay for it. A 10k contract becomes a 12k contract. You clarify your risks, your mitigation method (NDA), and that the extra money is for the legal liability the consultant takes on.