Learnings from 5 years of tech startup code audits - Ken Kantzer's Blog
While I was leading PKC's security practice, we did probably 20-30 code security audits, almost of all of them for startups that were just around their Series A or B (that was usually when they had cash and realized that it'd be good to take a deeper look at their security, after the do-or-die focus on product market fit).
https://kenkantzer.com/learnings-from-5-years-of-tech-startup-code-audits