[cdiamand]

"Add files, unstructured text extracts or other content you use as sources of intelligence."

This page could do more to establish trust. (I'm not really in the threat analysis space), but It seems like a big ask to blindly upload threat related intelligence files to a landing page on the internet.

[panoramas4good]

You're right, there will absolutely be teams, typically governments, where this will rule them out straight away. Same goes for very sensitive info.

However, there is a large market of intel sharing done via file sharing. As more businesses are mandated to share intel, they turn to GDocs, Dropbox, email, etc to share the intel.

Coming from the security industry, app sec is top of my mind (though such promises are never usually enough to convince decision makers). All-in-all your point is a good one, and it's something I still need to fully validated (maybe there is demand for an on-prem version?).

[xtiansimon]

Im not in the security space, but I do work with financial data for small businesses. I’m curious about how people feel about giving their data to third parties.

On the face of it, if you give your company’s financial data to a company, they have very powerful strategic industry information which could be valuable. But on the other hand, if a company like Intuit was discovered selling this data, their online accounting business could evaporate overnight.

The invoice-ocr companies are interesting, because they are collecting company-specific data about an industry, but they are also improving their own algorithms and ML products for the industry.

I’m asking myself if this security firm isn’t providing a similar service when diverse companies share their security, maybe the space is lucrative enough that risking getting caught for shenanigans is not worth it.

I mean, Facebook isn’t getting paid by its users, so their shenanigans are to be expected (though completely unethical if not also immoral).