←back to thread

Ask HN: How are you acquiring your first hundred users?

559 points amanchanda | 5 comments | 13 May 25 08:41 UTC | HN request time: 0.783s | source

I am building a B2C AI SaaS with $50/month price. How would you go about getting with first 100 users and then the next 500 users.

What we are currently doing: 1) Cold outreach to power users - to convert them into affiliates. 2) Cold outreach to individuals who have target ICP communities. 3) SEO for more long term (not for the first 500)

1. abhisek ◴[13 May 25 12:12 UTC] No.43972026[source]
Not sure if it’s relevant because you specifically mentioned about B2C.

For cyber security product, we took the open source route. We build our core technology in public as open source project.

https://github.com/safedep/vet

The commercial SaaS is for scaling and management. Our entire funnel is based on OSS. Folks who have already found value and is looking to scale their deployment.

This model works for us especially at our current stage where we are 100% engineering led.

replies(2): >>43978823 #>>43979921 #
2. meander_water ◴[13 May 25 23:08 UTC] No.43978823[source]
Kudos, this looks like a great product. I'm going to try it out today. Is there a reason why you only consume OSV and not CVE data?
replies(1): >>43980563 #
3. psviderski ◴[14 May 25 01:56 UTC] No.43979921[source]
What's your approach with getting users for your OSS product?
replies(1): >>43980590 #
4. abhisek ◴[14 May 25 03:44 UTC] No.43980563[source]
We felt that OSV schema is designed with security tooling and automation as primary design goal. Specifically for our use-case, it captures the package name and versions using standardised schema. Also we saw adoption of OSV by package ecosystems like Python, Go etc.

While CVE is still the largest database of vulnerabilities, we felt OSV is good enough to identify most recent vulnerabilities

5. abhisek ◴[14 May 25 03:47 UTC] No.43980590[source]
Build in public really. Just talk about what we are building, get feedback, bug reports etc. from users. When major security issues happen related to our domain e.g. xz or tj-actions/changed-files, we either write about how our tool can mitigate the risk or research on how to enhance our tool to handle the risk and then talk about it publicly.