Bogomil Shopov - Бого

Do you think about security while making your products? 🔑

I picked the "Maker Mindset" topic on purpose :) I carefully review most of the products that I like and comment on here for vulnerabilities or security flaws, and the result is not good. Yesterday I discovered a big problem in one of the products, for example, allowing attackers to exploit it. (I have notified the makers, of course.) So my question is: as a maker, do you think about security at all when you design and implement your idea? Is this one of your checkpoint items, like good UX, nice design, value, etc.?

Replies

Alex
I'm not a founder/maker myself (hope to be one day), but work for a very young startup. We've tried to build in good security practices from the beginning. Code reviews, open source code scanning, public vuln scanners, regular patching, scrutinising dependencies, group discussions about new high-risk features, bug bashes, a security email alias for notifications, free secure code training, data minimisation. We're lucky that two of the co-founders are experienced engineers who are both very security aware. Application security is both hard and fun in my experience, especially with the fast pace of changes demanded of startups trying to gain new customers. I think it's about building layers of protection consistently over time. Just "thinking" about security is great because then you start to ask yourself questions and learn those answers. "Why do I keep seeing the acronym XSS on these free reports?", "There's a news article about a company I know being hacked because of something called a third-party dependency". That knowledge builds up and hopefully sticks every time you make something new. Do you have a go-to list of checks when building new things?