While I was leading PKC’s security practice, we did probably 20-30 code security audits, almost of all of them for startups that were just around their Series A or B (that was usually when they had cash and realized that it’d be good to take a deeper look at their security, after the do-or-die focus on product market fit).