How we vet reviewers
To keep review quality high, there is an optional verification status for professionals. Verified professionals are also the only people who can grant the trust label.
Criteria
What we check during vetting
What we verify
- Vetting requires at least 5 years of verifiable professional experience in software development.
- Identity and professional experience are manually checked for authenticity to avoid fake profiles and false claims.
- Effective security skills are assessed through hands-on tasks that include classic security issues in vibecoded apps.
Limits of vetting
- Thanks to vetting, builders do not need to check a reviewer's identity, references, and competence themselves. Still, vetting should not replace your own judgment when you choose a professional.
- Vetting is a strong signal for profile authenticity and professional competence. It is still not a guarantee, and professionals can make mistakes. cleanvibes therefore cannot generally accept liability for overlooked findings.
The difference
How vetted reviewers differ from community reviewers
Our mission is to make independent security reviews easy to access. That is why anyone can create a free profile as a community reviewer. To still provide a baseline of quality assurance, there is an optional verification status, which offers the following benefits:
Identity and experience verified
Verified professionals are checked manually to avoid fake profiles and false claims about professional experience.
Review quality tested
Hands-on tasks confirmed that these professionals can spot and describe common security issues.
Trust label by vetted reviewers only
Only projects successfully reviewed by verified professionals can earn the trust label and be listed in the project directory.
Process
From application to vetted badge
The process of becoming a verified professional is like a classic job application. Because vetting is manual and we want to reduce applications from people who are not a good fit, we charge a fee for verification.
Apply and pay the fee
Verification starts when you create a reviewer profile and pay the fee. We then reach out to collect all the information we need.
Manual vetting
Verification includes reviewing your materials plus a practical task to confirm you can spot common security issues. As an experienced professional, you should find it straightforward.
Approval and activation
After successful verification, you can activate the verification badge in your profile for a recurring fee so everyone can see it. For more details, see Pricing.
Your opportunity
Are you ready for verification?
We know paying the fee without a guarantee of approval can feel like a high bar. The signals below are here to help you judge fit before you apply:
Good starting point
- At least 5 years of relevant software development, with verifiable proof.
- Everything on your profile is truthful, verifiable, and not sugar-coated.
- You can explain SQL injection without a web search or AI, and you know when API keys on the client are acceptable and when they are not.
- Ideally you also have public profiles, a website, or a blog that backs up your expertise.
Better to wait if
- You have less than 5 years of relevant development experience or weak proof.
- Most of your background is in roles without regular production coding.
- You are a vibecoder yourself and rely on AI alone for your work.
- Core security concepts in web apps still feel unclear.