> And except in domains with big penalties for making mistakes, it's often better not to aim for perfection initially.
I feel like this exception is another potential pitfall because it is so easy to think e.g. "if this doesnt look polished, users will think that we arent professional" and that is a big hit.
Although that is a more clear case, there are more ambiguous ones: imagine that your startup is doing encrypted email. What level of encryption/protection do you go with at launch? Do you go with the best practices as good as the founders know of or do you get an audit from tptacek? The latter is probably wayy out of your price range as a startup, but if your security takes a hit people wont know if they can trust you with their important information. What is the right line to go with here?
I feel like this exception is another potential pitfall because it is so easy to think e.g. "if this doesnt look polished, users will think that we arent professional" and that is a big hit.
Although that is a more clear case, there are more ambiguous ones: imagine that your startup is doing encrypted email. What level of encryption/protection do you go with at launch? Do you go with the best practices as good as the founders know of or do you get an audit from tptacek? The latter is probably wayy out of your price range as a startup, but if your security takes a hit people wont know if they can trust you with their important information. What is the right line to go with here?