Quick answer
Start where practitioners compare implementations and incident lessons: vendor-agnostic security subreddits, GitHub issues for security-adjacent tooling, Stack Overflow for secure coding questions, Hacker News for launches and architecture debates, and YouTube for conference talks and tool walkthroughs. Verify each source’s rules and date before you treat a thread as market truth.
Best for: founders entering security-adjacent B2B (AppSec, cloud security, detection engineering) who need first-pass language and alternatives - not for compliance guarantees.
Checklist (verify live before relying)
| Surface | Why scan | Caveat |
|---|---|---|
| Reddit (security subs) | Pain narratives, tool comparisons | Heavy anecdote bias |
| Hacker News | Launch reception, architecture skepticism | Not representative of all IT |
| Stack Overflow | Concrete implementation errors | Narrow to dev-centric buyers |
| GitHub | Issues on security libs, CI templates | Maintainer-focused norms |
| YouTube | Talks explaining buyer mental models | Selection toward popular voices |
| Bluesky / Mastodon | Emerging practitioner chatter | Fragmented instances |
Official references: Reddit Help; Stack Overflow conduct; GitHub docs.
Verification habits
- Date – Security moves fast; old threads may be obsolete.
- Role – Distinguish IC vs manager language.
- Vendor affiliation – Disclosure is not always present - treat anonymous praise carefully.
Using Needle
Run cross-community Search for category phrases on the communities your plan includes. If you also rely on Quora or Product Hunt threads, research those separately - Needle Search does not index them.