[amilich]

Any security engineer would have a heart attack if any employee, friend, or colleague said "security audit stuff [doesn't] matter." I wouldn't use software that doesn't undergo security audits.

Also, pentest ≠ audit. Completely different!

[tptacek]

I am a security engineer. You can go reach out to whoever managed your assessment at Trail and ask them about me by name if you like. What you're saying doesn't make sense. Maybe you could make it make sense! But you'd need to start by disclosing what the actual project scopes for each of these projects was.