by 1ba9115454 1206 days ago
Standard practice is to do a full security audit before you onboard customers.
1 comments

We're preparing to do a SOC2 with Vanta first followed by a security audit with some firm like Trail of Bits next.

We're fortifying the codebase every day and would expect this process to be complete in the next 2 quarters.

> the next 2 quarters

6 months? I'm not being sarcastic here - I'm not on the security or enterprise side of things, but this seems like a long way off for something like a secrets manager. Just out of curiosity, what would hold you back from doing this _prior_ to launching?

Getting certified is unfortunately not an overnight task … SOC2 alone will likely take months and that’s not yet factoring in the security audit as well. As much as we’d like to have it done ASAP, a lot of it is dependent on the length of the process and requirements to be met - that’s why my estimate is within the next 2 quarters (sooner the better).

As an open source company, we’ve basically “launched” since the moment we open-sourced the codebase - it’s a constant iteration process for us and every week we release security updates as part of our roadmap. Security certifications and audits are something we’re starting to do in parallel at the moment whilst still being early in our journey (open-sourced roughly 3 months ago).

I completely agree! I must say though, this is not fully dependent on us! SOC2 is a very lengthy process that also depends on auditors. This is one of our main priorities at the moment.