Let's Learn from the Odin.fun Hack - Preventing Attack Vectors

Interesting. I agree that the use of Internet Identity should remain the primary standard, especially in applications involving user assets. However, one strategic step we can take moving forward is to foster active collaboration between developers, project founders, and security experts within the IC ecosystem.
Instead of waiting for expensive formal audits, we could:

Voluntary Community Reviews / Competitive Audit
Rather than relying on costly conventional audits, we could learn from competitive audit models like Cantina, Sherlock, and Code4rena — embracing the collaborative spirit of open source.

Open Security Best Practices Handbook for IC Developers
A community-based, openly accessible, and jointly moderated guide — containing best practices, secure code examples, and real-world security checklists that are continuously updated.

Workshop & Open Discussion Sessions
A space to share the latest attack vectors, security tools, and important updates from DFINITY — while continuously raising security awareness among IC developers.

With this approach, we’re not only strengthening IC’s technical foundations but also building a culture of collaboration and shared responsibility to secure the entire ecosystem.
