Security pays off

With data breaches in the news weekly, it is becoming evident to everyone that a lack of security can cost companies large amounts of money. Many see investments in security as a form of insurance. It could prevent you from being in the headlines in the next cyber incident, or it could at least help your case that you had actually tried to avoid being vulnerable.

In post-breach statements the phrase “we take security seriously” is common. The question is often when that started. Some companies do a fantastic job, but someone still finds a vulnerability. Others wake up and find out that security is important. Others haven’t really found out what it means to take security seriously, but they copy the statement from someone else. Software is never free of bugs or vulnerabilities, but just as bugs are fixed, vulnerabilities should be too, starting with the most critical.

At Confirmit we tell our customers how we take security seriously, because it is a claim that needs to be backed up by evidence. There are processes we follow and believe in, and actions we see paying off. We also run third-party assessments on a regular basis. It is not a surprise that these activities turn into sales arguments nowadays.

Some of our clients also perform their own testing and report their findings to us. This is our chance to prove that we take security seriously by quickly fixing issues that may arise. Speed is appreciated, not just because we don’t want to have known vulnerabilities in our software. Our clients typically perform their testing right before deciding to sign the contract or go into production, or close to contract renewal. Quickly turning around and fixing flaws is good for both security and customer satisfaction. And that pays off.

Author: Halvor Sakshaug

Application Security Lead at Confirmit. Somehow I got interested in application security and did a few security-related tasks. Then it has just been growing to fill most of my working days: working, speaking and teaching application security.