How do solo founders handle security?

Question

Building a SaaS as a solo founder. Enterprise companies have security teams, pentests, bug bounties. We have... hopes and prayers? Curious how others approach this: - Do you do any security testing before launch? - Ever had a vulnerability reported? How'd it go? - Bug bounty programs seem overkill for small products or are they? Not looking for "just use Auth0" type answers. More interested in the practical stuff indie devs actually do (or skip and regret).

jqpabc123 · Accepted Answer

What I did as a solo SAAS founder over 25 years ago was radical and totally outside the box --- I wrote my own multi-threaded, multi- tenant web server and database.
Why?
Because the security of canned off the shelf all encompassing solutions was horrible at the time.
By doing this, I have nearly full control and can scrutinize, qualify and filter every single request made of my totally unique software. My main concern is an issue with the network stack which I did not write.
After 25 years of being attacked on the open internet on a daily basis, my server security has never been breached to my knowledge. The main issue I have is small scale denial of service type events which I handle by simply blocking the IPs.