If you are a startup, you need to add a security page to your site. Tell me how to report a security issue if I find one.
I have lately been noticing a lot of security issues especially XSS with a very basic string like >’>”><img src=x onerror=alert(1)>. With most websites, I notify them via email. Some startups are awesome and send some swags or T-shirts. Thank you.A lot of these make it clear upfront that they don’t offer bounty or swags and that is cool.
My problem is that there is no way to tell your startup that there is a security issue.I usually end up at your zen desk ticketing system where the people taking care of your customer service may not be aware of what those security issues mean.
As a startup, the following things should at least be part of your organisational process
- Create a security page and make it easy for me to report an issue.
- Acknowledge efforts of a person reporting security issue I am not looking for a bounty. A simple thank you on your security page is good enough.
- Provide appropriate update and keep me in the loop as to what is happening with the security issue.
Related Posts
Google Speed Update: Mobile Page Speed Now A Ranking Factor
In Google’s quest for a secure web, they crafted a plan and have been rolling out updates to implement it in carefully choreographed stages. In July…
Business,Link Building,SEO,Startups
15 Meaningful SEO Metrics To Track Long Term
To ensure you are successful in search engine optimisation, you need to do a lot more than check the number of visitors coming to your site.…
Business,Ecommerce,Conversions,SEO
Fashion Ecommerce SEO – How we helped a business do $1 Million in sales.
Selling on your e-commerce store can seem a little like gambling. If you try out a new way of doing things, it may or may not work for you, you may…