As part of doing research on the possibility of offering security services for small to medium businesses operating online, we are posing these questions to you:
1) Would you pay or not if you were contacted by a security researcher explaining that they believe (and can prove, with permission) that you have a security hole in your code? The nature of the problem with your website is causing your source code to be leaked to the world. Source code that may or may not contain login details to other services, either FTP, MySQL, etc.
2) Considering that website security audits range in price from $40 - $10 000 and vary greatly depending on quality of service, how much would you pay if the researcher can prove access to the source code of your website and provide a solution to remedy the problem?
3) Do you believe that the popularity of the website would determine the increase in asking price?
No. If I want security, I would use HTML. If my website is hacked, I will search for a solution how to fix it. If my server is compromised, my provider is responsible for that.
Ok, so you would rather opt for post-compromise reconnaissance, even though you might bleed out sensitive customer information if you can't find the problem yourself? I find this interesting because I would probably do the same as you. I think we sometimes forget the power that lies in customer information and how it can be leveraged by sites that compete with us, don't you think? Let's say the competition might be able to contact these customers directly to try and win them over to their site. The shocker is that research has shown this happens more than one would think, where hackers sell data dumps to competing sites.
You've got a good point, and an excellent lobby-person, too. I am sure you will find no problem finding clients other than a stubborn head like me. Just for clarity, my websites are clients'/personal's own and easy to set up. Only some information, no users in the database except for admin. Contacts are made via email and phones or IM. So my clients and I may not fit into the small business that you are looking for, we are smaller than that. Simply put, my clients and I are not the type of your target client. Having said that, there's always a market of people looking to secure their scripts, their servers, their internet connection, etc. And for these people, if I were you, I would charge them more than $40 - $100.
If your server gets hacked, you are responsible for it, as it was your script that compromised the server. As a computer specialist I do home network security checks; basically I go to their house and do a remote scan of their wireless network to see if it is vulnerable. If it is, I take control of the network and lock them out as a proof of concept. Then I go in, fix the problem, and show them how to better protect the network by doing various security tweaks.