something i like about @electisec audits: findings are tracked as github issues, giving devs + auditors a discussion thread and history for each item. this is far more convenient and collaborative than other engagements i've had which involve managing pdfs or Word documents.
another nice touch is that each item has a "recommended fix" section. every once in a while you see quite a creative approach that demonstrates how deeply the auditor had considered the codebase.