What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking a bank.

Thursday, September 9, 2010

Old presentations

I decided not to let my old presentations from various security conferences go to waste, and started uploading them to Slideshare. It's a great site. I recommend you to check it out if you want to keep track of your talks.

"Here You Have" virus

Today was a busy day. A zero day attack propagated across the Internet in the form of an email with the subject "Here you have". I ended up frantically reaching out to various heads of security in diff companies trying to get more insights. Now more details are emerging and looks like it was a VB variant (similar to Kournikova) virus which got re-crypted in a new way.

There are two mitigation steps:
1) Block all incoming emails with that subject line in your spam filters.
2) Block any outgoing web access to the following sites because the virus downloads additional malware from them.

The patches from A/V companies should be available soon.
More details on how the virus works are available at: