I’m a SaaS bootstrapper. What do you mean with “security stack”? Security is layered into all components of the tech stack. It is not a discrete part of the stack.
Aha, you mean dedicated security scanning / intrusion detection systems.
I use none. I use static websites, Heroku and AWS Lambda for all work. So all of the network, vulnerability etc. worries are of loaded to the provider. No user data is stored on our backend: that’s all in Stripe and Auth0.
We encrypt some sensitive data (not PII) in the database and in flight.
I guess for now the use of various 3rd party services negates the need for dedicated “security stack” products. This might change in the future.
As a SaaS bootstrapper, zero security stack. I used the crypto package in go?
Absolute security (aside from standard protection of passwords) is at the bottom of my to-do list. It'd have zero impact on finding product market fit.
4 comments
[ 3.6 ms ] story [ 22.8 ms ] threadI use none. I use static websites, Heroku and AWS Lambda for all work. So all of the network, vulnerability etc. worries are of loaded to the provider. No user data is stored on our backend: that’s all in Stripe and Auth0.
We encrypt some sensitive data (not PII) in the database and in flight.
I guess for now the use of various 3rd party services negates the need for dedicated “security stack” products. This might change in the future.
Absolute security (aside from standard protection of passwords) is at the bottom of my to-do list. It'd have zero impact on finding product market fit.