by wslh 408 days ago
I agree that today's focus is more on integration than relying on a single "corporate" system. However, I believe a major issue with micro-SaaS in general is security. While even FAANG companies face security challenges, relying on many smaller SaaS providers introduces weak points into your system, and security is a challenging factor for small company budgets.

This isn't exclusively or particularly solved by VC-funded or giant tech companies - Dropbox once deployed a bad build that accepted any password, Apple accidentally had a blank root password, I'm sure there are many more embarrassing tales like this.

https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...

https://www.macrumors.com/how-to/temporarily-fix-macos-high-...

Not saying that big companies don't have security issues. Expressing it differently: having multiple heterogeneous dependencies increases the effectiveness of supply chain attacks.

Now imagine you have 16 national industries that you've defined as basically "needing the best security reasonable", and most of those industries only deal with security as much as their insurance companies make them.

It's a nightmare out there.

I don't really understand this comment.

You are the exact people that I am trying to avoid with this model. I'm not trying to make big deals with big companies who can be impacted by security. The Micro-SaaS model requires that when I get a client asking me those kinds of questions, I run from them and tell them my tool's probably not for you. Any app that requires sensitive data transferring shouldn't be done on the micro-SaaS model.

Micro-SaaS requires small, simple tools that may be low-hanging fruit. Sometimes they aren't micro-SaaSes, but just random tools that make money for you by creating a glorified OpenAI wrapper and a bunch of integrations. Honestly, a lot of the tools I see that make money for people are made on Make or Replit. No code even required, but definitely not going after the "we need sensitive info or PII" market.

All payments just go through their respective provider, so not really a risk there either.