Do I need a pentest before launch?
Updated
Short answer
For consumer / SMB launch: no, but run automated review (Securie). For enterprise launch: many buyers ask for an annual pentest report. Boutique pentests cost $5-15K and take 2-3 weeks.
Pentests are point-in-time. Continuous review (Securie) catches more bugs more often. The right combo: continuous Securie review + annual pentest for enterprise-buyer-facing evidence.
Use /templates/penetration-test-scope for the SOW.