by arcurn 1646 days ago
Thanks for the comment — I understand the sentiment, but we invest a lot more effort in trying to persuade security pros and cryptographers through the technical and security features of the product itself.

The people making the decision to use a product like Evervault aren't always a technical/security audience, so it's a tricky balance to navigate. We want both engineers and non-engineers to understand why using Evervault is important, so sometimes we fall short. This feedback is much appreciated though, and we'll definitely keep it in mind next time we do a website revamp (soon!). Thank you!


If I can make a couple of suggestions for winning over that crowd.

1) As OP said, dial back "never" statements; there's no such thing as perfect security :)

2) When I look at a solution like this which essentially requires a lot of trust from customers (if your servers get hacked or your code is insecure, that's going to be a big hit for your customers), I look for 3rd party validation. Something like a published 3rd party audit from a reputable consultancy, using good named consultants, with a clearly stated scope of work is likely to help allay fears about trusting a third party with a solution like this.

3) Talk some more about the experience of your team. What you're doing is hard to do well, so explaining where your team has experience of doing things like this in the past will help.

This is very helpful — thank you!

On #2, we have carried out security audits with Cure53[0] and others, which we are happy to share. We also have a root of trust which is provably embedded in the AWS Nitro System[1].

#1 and #3 are great suggestions which we will implement in our next website revamp. Thanks!

[0]: https://cure53.de/
[1]: https://evervault.com/blog/e3

> we have carried out security audits with Cure53[0] and others

You need to be shouting about this on your new security summary page :)

It all builds a story of trustworthiness.

It seems like you have quite a lot of info captured in your blog, but the “blog” section is definitely not where I go first when I’m doing a quick scout of a company/service to size them up (from a “can I trust these guys?” perspective).

Great comments. Completely agree. Third party validation for something like this really goes a long way.

That's fair, it's always a tough balance. Maybe "Industry-leading data breach protection" or something.

And what metrics are we using to claim "industry-leading" here?