How a startup can start itself to be at-par with contemporary cyber-security measures and standards ? While it is true that a startup cannot afford bug bounty programs or the cost of conducting pen-testing. At recent Techfestival Copenhagen's Cyber Security & Infomation Warefare Summit organized by Sven Weizenegger & Marisa Hinrichs I had opportunity to speak about Good old DREAD framework where a startup can begin assessing and start itself on the journey of meeting cyber-security standards, sustain itself from vulnerabilities, and answer those tough questions coming from integration partners and investors at the same time