Comment by mjr00

Comment by mjr00 a day ago

4 replies

View on Hacker News

Yeah. SOC2 reminds me that I didn't mention sales as well, another security-as-economics feature. I've seen a lot of enterprise RFPs that mandate certain security protocols, some of which are perfectly sensible and others... not so much. Usually this is less problematic than insurance because the buyer is more flexible, but sometimes they (specifically, the buyer's company's security team, who has no interest besides covering their own ass) refuse to budge.

If your startup is on the verge of getting a 6 figure MRR deal with a company, but the company's security team mandates you put in a WAF to "protect their data"... guess you're putting in a WAF, like it or not.

meindnoch a day ago

>guess you're putting in a WAF, like it or not.

Install the WAF crap, and then feed every request through rot13(). Everyone is happy!

Reply View 3 replies
  • throwup238 a day ago

    Up until you need to exercise the insurance policy and the court room "experts" come down on you like a ton of bricks.

    Reply View 0 replies
  • benaubin a day ago

    now you've banned several different arbitrary strings!

    Reply View 1 reply
    • connicpu a day ago

      Good luck debugging why the string "/rgp/cnffjq" causes your request to be rejected :)

      Reply View 0 replies