
Ask HN: How do you vet that they take security seriously? - jfolkins
The term &quot;We take security seriously&quot; has almost become a joke. Every corporation or company throws it around. Recently on a vulnerability disclosure, a megacorp stated that very line but then proceeded to hide critical details and handle things poorly.<p>What is the sniff test for you when deciding if a company actually does in fact take security seriously?<p>Also, what companies are more progressive and are actively pushing security as a differentiator? I seem to remember a company recently that not only had 3rd party code audits performed but they even disclosed details of what the auditor found. I cannot however recall the name.<p>Thanks
======
taf2
It’s less effective these days but it used to be very easy just check if they
offer an option for two factor login... if it’s otop or sms... beyond that not
sure....

------
pythonovice
Check LinkedIn if they have any dedicated security professionals on their
staff.

