Review plan for security audit and discuss suggestion raised by a core team developer - perhaps it would be the best to identify the most security related parts of the existing code (e.g. Okapi or RAML Module Builder) first and to initiate a manual security related review by the team. The idea behind is to get the most of the external security audit afterwards and to avoid that the audit reports facts that are already known
Present findings -preliminary results from running tests (capacity and performance) using carrier.io framework? We ran checkin and checkout tests and had some interesting (unexpected) discoveries, which would be interesting to share.