Building software is a craft
Building great software is really hard - software fails all the time, either to work at all or to keep up with expectations. Most people may not realize it, but software engineering is a craft with an almost endless amount of things to learn. You can never make perfect software, but the real talent is trying your very best to be far above average and always learning how to improve things by keeping an open and critical mind.
We are passionate about making the user experience so good that you’ll like using our software. Especially in corporate settings, most software tends to be boring and even hated because of poor usability. We’re trying our hardest to change that! Try our software to see it for yourself!
Concrete steps we take to respect your security and privacy:
- All of our websites are served over a secure channel only. Unencrypted HTTP is auto-upgraded to HTTPS.
- We use Cloudflare for DDoS protection and additional security of our and our customers’ sites.
- We closely follow the work of security researchers like Troy Hunt to keep up with the ever-changing landscape.
- We understand how the vulnerabilities in the OWASP Top 10 project work and thus know how to defend against them.
- Our user accounts in all important systems are protected with strong passwords.
- We’ve designed our login systems in such a way that we may not need your password at all (if you sign in via Facebook, Twitter, Google etc.).
- If we need to store your password, we’ll use the current state-of-the-art bcrypt with an appropriate cost factor. Even Yahoo failed this by using a weak algorithm. We are not going to make the same mistakes.
- If your use case requires stronger security, our systems support two-factor authentication (Google Authenticator).
- We really, really care about security.
- We use USB security keys (from Yubico) to protect our credentials, so even if an attacker got access to our laptops, they would not gain authorization to our production servers.
Please, we urge you to ask your other software vendors how they are working to protect your security and privacy. We as users deserve better.
Trust by transparency
It’s easy to sweep bad development practices, security issues, bad software design, uptime problems and user satisfaction under the carpet. Many companies have huge issues that their users might be unaware of.
If a company is actively trying to make these details public, it builds trust, because users know that the things made public will be under public scrutiny and will thus hurt the company’s image if done improperly. What we’ve already made transparent:
- The quality of our software, by publishing many open source projects. Our software architecture and code quality are free for anybody to review.
- In fact, we have open sourced our most critical security infrastructure, like our load balancer configuration and certificate authority.
- Our focus and thoughts on the importance of security.
- Our promise that if we ever get hacked or anything important gets compromised, we will disclose it (Buffer handled their issue beautifully).
- Any issues with our services being unreachable.
In the future we’d like to be transparent about our finances. Buffer set the gold standard for this and we’d love to do something like this in the future.