lemonlimebubble | 12 years ago

Hi, I am working on a security-focussed startup. We have a rough cut of our initial product offering due in the next month and are trying to get initial trial users and customers on board to help us demonstrate interest.

How do you manage to afford to finance the audits and bug bounties? We have found that some potential customers want to see us get security audited before trusting our solution, but from what we can tell this is a multi-hundred thousand dollar cost and requires us to freeze development while it takes place. We currently have zero day-to-day budget and runway for 6 months. How have you afforded it?

magikarp | 12 years ago

> How do you manage to afford to finance the audits and bug bounties?

Public donations from our website and funding from public institutions and NGOs. Currently, our audits are funded by the Open Technology Fund: https://www.opentechfund.org

Generally, our funding tends to be very limited though, so sometimes we have to ask someone to do an audit for cheaper than they usually would, seeing as we're an open source project with no source of revenue.

EDIT: Forgot to mention, we have no funding for bug bounties. I pay all bug bounties out of my own pocket. I don't mind, I feel the money is very well-spent.

Good luck with your startup!

lemonlimebubble | 12 years ago

Ah, so basically, as a for-profit company aiming at a B2B enterprise product, we are screwed in this regard until we have the capital to absorb the audit cost through either revenue or investment. Oh well.