I have known founders with 0 experience hack together god-awful C++ programs that ran their business long enough for them to fund competent programmers.
Never underestimate the value of a persistent person!
Running it in production is the point. An idea is pursued to validate the market for it, not to accomplish building a scalable, secure solution that nobody wants.
This is an unfortunate consequence of having a free and openly distributed internet. Unless you're auditing and compiling your own builds from open source, you have no idea where your data is going.
I'm all for best practices and due diligence. But from the startup founder perspective, you can't let yourself be paralyzed by the fear that everything will go horribly wrong.
> But from the startup founder perspective, you can't let yourself be paralyzed by the fear that everything will go horribly wrong.
Some middle ground here is definitely needed.
Even for startups, things going "horribly wrong" can kill people (medical devices, biochemistry, robotics, transportation) or send people to jail (accounting, banking).
And if you think your web startup doesn't deal with "dangerous" things, I suggest googling for "life-threatening grindr security flaw".