You’re launching the first version of your web application. You’re pre-revenue. Your every waking moment is consumed with the backlog of product enhancements you believe will help your app break through. And you’re about to land on the top of Reddit because of a security flaw.

We’re software security people. Our industry is built around breaking software. People like us are the ones putting people like you on the top of Reddit. People like you are the weak, and people like us are the tyranny of evil men.

You’re listening to us because you’ve finally given up trying to control the security of your application. Everything else you’ve tried has failed. The advice the “security industry” has given you has had negligible business value, because you’re not a Fortune-500, and you aren’t shipping shrink-wrap to 1,000 enterprises. And the failure of that advice is partly our fault. This is our response.

Read the advice we’re giving here. See how you’re doing. Honestly, are you on top of these issues? Remember, there is no disgrace in facing up to the fact that you have a problem.