by jdreyfuss 2579 days ago
Checklist author here. Glad you liked the idea!

Figuring out a clean shorthand way to group these best practices was something we definitely thought about. The idea behind using funding rounds was to find something that can work as an easily digestible placeholder for company maturity and capabilities for most SaaS startups. Something closer to “just starting out,” “product-market fit,” and “starting to scale” rather than being specifically about actual funding levels.

Definitely open to feedback if that way of grouping things doesn't resonate!


Maybe this concept should just get rid of the CTO aspect and position it as the "SaaS security checklist".

Then gamify it so that all the technical people in the team can each give their independent rating of how the company performs on each checklist item.

Then give each checklist item an owner and assign action items, status and follow-up discussion.

The outcome of that is something the CTO would be interested in because it would be a dashboard with accountability.

Cool idea! I like the self-assessment angle.

We wrote this for CTOs since prior to hiring a dedicated security engineer, security responsibilities in a company often fall to the CTO. But really, any more technical person in a company with some ownership or interest in security can leverage this.

The "SAAS security dashboard". Grab that domain!

Features:

- Including an overall alert status red/yellow/green.

- Critical issues rise to the top somehow for the team's attention.

- Mechanisms and best practices for reporting security issues.

- A knowledge base linking to relevant articles on each topic.

- A button must be pressed to say that backups have been tested, failing to do so raises alert level.

- Team members jointly contribute ratings out of 10 for the company's security practice in each checklist item.

- Team discussions/actions/priorities.

- Register your company's tech stack with the service and it sweeps the net for security reports about stuff that you use.

- Integrate Ansible to gather information about the versions of the software you are using and issue dashboard alerts when stuff in your software stack is vulnerable to attack.

- $5,000/month

- database lives on client site

etc etc

Don't know why I give these ideas away for free. Maybe I'll get onto building it!

I did - early beta. Based on my experience as CISO for SaaS as well as running a security engineering team at a Fortune 5 company, performing Tier 1 PCI DSS, NESA, scans, etc. https://joinsecurekit.com/

This sounds really good! I've just signed up and I would definitely use this. I'd be happy to help with beta testing.

Would you be able to share some details about the pricing and business model?

EDIT: I get a "You are already signed in" error when I try to fill out the welcome form: https://www.dropbox.com/s/bfxfpm2tczbyn7d/Screen%20Shot%2020...

A lot of these features are actually already inside our product Sqreen, but it "only" starts at $250/month.

We're also hiring if you want to help us build the missing items ;)