• Please provide one commit per each finding that you are addressing. Merge any outstanding pull requests, so that the commit is in your main codebase. Do NOT add qs-scope as reviewer. For each finding, please note the status (see Status Reference on the next page) as per your current understanding, along with how you addressed the finding in the table below: a commit hash and/or a text explanation. We may include your responses in the final report.
• Please provide fixes within two weeks of the initial report (as per the SoW). Please batch all the fixes and notes together, and within the next two weeks, send them over to us in one go along with this filled out document, as well as the updated commit. Additional fix reviews, beyond the first batch of fixes, or beyond the two-week fixes window, would cost extra.
• Do not add extra code or new features that are not part of the current audit. Any new code would be out of scope for the current SoW.
• Avoid refactoring and re-organization of the codebase beyond the recommendations given to you by the auditors. Never force-push to the audited repository and never overwrite the audited commit and history.
Fix review checklist
• Please provide one commit per each finding that you are addressing. Merge any outstanding pull requests, so that the commit is in your main codebase. Do NOT add qs-scope as reviewer. For each finding, please note the status (see Status Reference on the next page) as per your current understanding, along with how you addressed the finding in the table below: a commit hash and/or a text explanation. We may include your responses in the final report. • Please provide fixes within two weeks of the initial report (as per the SoW). Please batch all the fixes and notes together, and within the next two weeks, send them over to us in one go along with this filled out document, as well as the updated commit. Additional fix reviews, beyond the first batch of fixes, or beyond the two-week fixes window, would cost extra. • Do not add extra code or new features that are not part of the current audit. Any new code would be out of scope for the current SoW. • Avoid refactoring and re-organization of the codebase beyond the recommendations given to you by the auditors. Never force-push to the audited repository and never overwrite the audited commit and history.