Ask HN: How do solo founders handle security?
Building a SaaS as a solo founder. Enterprise companies have security teams, pentests, bug bounties. We have... hopes and prayers?
Curious how others approach this:
- Do you do any security testing before launch?
- Ever had a vulnerability reported? How'd it go?
- Bug bounty programs seem overkill for small products, or are they?
Not looking for "just use Auth0" type answers. More interested in the practical stuff indie devs actually do (or skip and regret).