by jdreyfuss
2571 days ago
Cool idea! I like the self-assessment angle. We wrote this for CTOs since prior to hiring a dedicated security engineer, security responsibilities in a company often fall to the CTO. But really, any more technical person in a company with some ownership or interest in security can leverage this.
Features:
- Including an overall alert status red/yellow/green.
- Critical issues rise to the top somehow for the team's attention.
- Mechanisms and best practices for reporting security issues.
- A knowledge base linking to relevant articles on each topic.
- A button must be pressed to say that backups have been tested, failing to do so raises alert level.
- Team members jointly contribute ratings out of 10 for the company's security practice in each checklist item.
- Team discussions/actions/priorities.
- Register your company's tech stack with the service and it sweeps the net for security reports about stuff that you use.
- Integrate Ansible to gather information about the versions of the software you are using and issue dashboard alerts when stuff in your software stack is vulnerable to attack.
- $5,000/month
- database lives on client site
etc etc
Don't know why I give these ideas away for free. Maybe I'll get onto building it!