by illud_tempus 1649 days ago
> We are happy to share our security validation report of the agent as well as the configuration with any prospects/customer.

I am the OP. I am not your customer. My customer is your customer. My customer wants me to install your agent.

When I contacted Drata by email with some concerns before I accepted your terms and conditions (which I will never accept in their current form) and got any real information about your agent, your secretary responded: "Feel free to reach out to your Drata administrator internally with concerns. Do note, that when your company contracted with Drata, any edits or redlines they provided will prevail for all employees of your company."

That is not very reassuring for a company (Drata) that wants me to accept undisclosed terms and conditions, wants to sell my personal data to targeted marketing, reserves the right to change the user agreement overnight, and exploits a loophole in GDPR so you can move my personal data out of the EU and do things with it that would be a crime in the EU.

I interpret that reply, from your secretary, as: "We already sold our thing to your company, so we don't care. Not about you. Not about your company. Bend over and take it like a good bitch!"

As others have suggested here, if you want people to trust your agent, you should open source it, have it audited, and publish the audit reports.