Ask HN: How do you vet that they take security seriously?

2 pointsjfolkins7y ago2 comments

The term "We take security seriously" has almost become a joke. Every corporation or company throws it around. Recently on a vulnerability disclosure, a megacorp stated that very line but then proceeded to hide critical details and handle things poorly.

What is the sniff test for you when deciding if a company actually does in fact take security seriously?

Also, what companies are more progressive and are actively pushing security as a differentiator? I seem to remember a company recently that not only had 3rd party code audits performed but they even disclosed details of what the auditor found. I cannot however recall the name.

Thanks

2 comments

taf27y ago

It’s less effective these days but it used to be very easy just check if they offer an option for two factor login... if it’s otop or sms... beyond that not sure....

pythonovice7y ago

Check LinkedIn if they have any dedicated security professionals on their staff.

j / k navigate · click thread line to collapse