Hacker News new | past | comments | ask | show | jobs | submit login

That should come out in threat modelling, which is covered. when you're looking at who the adverseries for a specific system are, you'll necessarily cover what your data is and how valuable it is.

What may not be covered, and something which often causes problems with a lot of systems, is your threat model, may not be the same as that of your customers and, depending on what you're selling, you may not be able to know your customers threat model in advance.

To provide a couple of examples. If you provide server hosting, and a crypto exchange starts using your service, suddenly you may attract a load of attention from high-end attackers looking to compromise your systems as a means to get at other peoples.

or if you provide something like a consumer photo sharing/storage system, if "celebrities" start using it, suddenly you can find that people with a lot of time and interest start targeting you.

The tricky part is, commercially, do you have the resources to secure to the level required by the most sensitive customer...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: