Ask HN: SaaS bootstrappers, what does your security stack look like? - auspex
======
tnolet
I’m a SaaS bootstrapper. What do you mean by “security stack”? Security is
layered into all components of the tech stack. It is not a discrete part of
the stack.

~~~
auspex
For example: OpenVAS for vulnerability scanning on the VMs. Clair for
container image vulnerabilities, OSSEC for IDS etc.

~~~
tnolet
Aha, you mean dedicated security scanning / intrusion detection systems.

I use none. I use static websites, Heroku and AWS Lambda for all work. So all
of the network, vulnerability etc. worries are offloaded to the provider. No
user data is stored on our backend: that’s all in Stripe and Auth0.

We encrypt some sensitive data (not PII) in the database and in flight.

I guess for now the use of various 3rd party services negates the need for
dedicated “security stack” products. This might change in the future.

------
hazz99
As a SaaS bootstrapper, zero security stack. I used the crypto package in Go?

Absolute security (aside from standard protection of passwords) is at the
bottom of my to-do list. It'd have zero impact on finding product market fit.

