MicroConf Europe 2017 Recap

Last week I attended MicroConf Europe 2017 in Lisbon, Portugal, and spent two days and three evenings listening to interesting talks and having inspiring conversations. MicroConf is a conference targeted at small, self-funded software companies. The audience consists of people at different stages of founding and running a company: some are looking for an idea, some are just starting out and others have a company they want to grow. MicroConf is hosted by Rob Walling and Mike Taber, whom you might know from the Startups For the Rest of Us podcast. I just listened to the latest episode of the podcast, where Mike and Benedikt Deicke looked back on the conference, so I decided to write a small recap myself.

Why you need a security@ address

If you run any kind of web service, you should set up a security@yourdomain.com email address, display it prominently on your website, and make sure it gets read by an employee with a technical background.

Not convinced? As a case study, check out this post on HackerNews. The OP said he had tried to report a security vulnerability at a messaging and voice services provider, but nobody would listen to him.

The suggestions ranged from full disclosure to emailing the CTO. I pinged the official Twitter account of the company with a link to the thread, but they brushed it off. Ironically, the company even advertises their service as a security solution on their Facebook page.

After about two hours, a member of the ops team finally chimed in on HackerNews and the issue got addressed. A little later, they also got back to me via Twitter. But the damage was done: people started telling stories of unrelated bad customer service experiences and one person said they are going to evaluate a competitor.

With a security contact prominently visible on the website, the whole thing could have been avoided.