Soc2
- (tptacek) Latacora's SOC2 Starting Seven
- (tptacek) Fly.io's SOC2 experience: see especially "What We Didn’t Let SOC2 Make Us Do"
- Tailscale's SOC2 experience: see especially open-source components like the ToBeReviewedBot and their security-policies
- Sarah Harvey on Security, Cryptography, Whatever (also ... tptacek again): interesting discussion of the vendor security review (customer) perspective
- Vanta's 5 Principles for building a secure product (aka Before SOC 2)
- RunReveal's SOC2 Type 1 experience: see especially a discussion of the benefits of avoiding containers
- Greynoise - SOC2 For Startups
Related Perspectives
- SOC2 Suck — A False Sense of Security
- Charity Majors: Compliance & Regulatory Standards Are NOT Incompatible With Modern Development Best Practices
- Substrate - SOC 2 compliance for startups and first-timers (part 1), part 2, part 3, part 4
Selecting Vendors and Auditors