When Sky's audits find bugs, they investigate their process: Zero-finding framework

Description

Sky treats audit findings as process failures. When external auditors catch serious issues, they don't just patch bugs. They investigate why internal reviews failed. Deniz Yilmaz is CTO of Sky Frontier Foundation (formerly MakerDAO), which manages USDS, the third-largest stablecoin globally with years of operation across one of DeFi's oldest protocols. In this clip, Deniz explains how Sky achieves consistent zero-finding audits: engineers apply game theory during development, considering how bad actors (including internal ones) could misuse code. Audits serve as final verification, not development assistance. When audits surface issues, the team investigates what failed in their multi-layer review process. Key practices covered: - Investigating process breakdowns when audits find serious issues - Game theory code review: considering internal actor exploitation scenarios - High-context development preventing unintended cross-protocol interactions - Treating external audits as last stand verification, not QA help Listen to the full episode for Sky's security framework including six-month engineer onboarding requirements, spellcrafting governance with bi-weekly votes, subdao security enforcement, mandatory OPSEC certification for multisig signers, and LLM auditing integration: https://www.youtube.com/watch?v=FY4eY2hee2w