undefined | Better HN

0 pointslemonlimebubble12y ago0 comments

Hi, I am working on a security-focussed startup. We have a rough cut of our initial product offering due in the next month and are trying to get initial trial users and customers on board to help us demonstrate interest.

How do you manage to afford to finance the audits and bug bounties? We have found that some potential customers want to see us get security audited before trusting our solution, but from what we can tell this is a multi-hundred thousand dollar cost and requires us to freeze development while it takes place. We currently have zero day-to-day budget and runway for 6 months. How have you afforded it?

0 comments

magikarp12y ago

> How do you manage to afford to finance the audits and bug bounties?

Public donations from our website and funding from public institutions and NGOs. Currently, our audits are funded by the Open Technology Fund: https://www.opentechfund.org

Generally, our funding tends to be very limited though, so sometimes we have to ask someone to do an audit for cheaper than they usually would, seeing as we're an open source project with no source of revenue.

EDIT: Forgot to mention, we have no funding for bug bounties. I pay all bug bounties out of my own pocket. I don't mind, I feel the money is very well-spent.

Good luck with your startup!

lemonlimebubbleOP12y ago

Ah, so basically, as a for-profit company aiming at a B2B enterprise product, we are screwed in this regard until we have the capital to absorb the audit cost through either revenue or investment. Oh well.

j / k navigate · click thread line to collapse