We Are SecurityScorecard

Sam and I were assessing the security of a large financial provider that offered a fraud prevention product for vetting all e-commerce transactions. We spent weeks talking to them and reviewing their daunting 30-page security  questionnaire. At the same time, our Financial Controller was standing outside my office every day impatiently asking, "Why are we not expediting the security assessment? We need this product YESTERDAY!"

Our security instincts told us that despite the pressure to sign a contract for a partnership we desperately needed, the impatience of the deal would not cloud a deeper vetting of the partner. The evaluation we needed could not be obtained by simply working on the questionnaire and waiting for the vendor to answer the deeper security questions they were avoiding.

We continued working on the assessment, losing money in e-commerce fraud that the solution could have prevented. We started poking around using passive security research methods and discovered signs on the Internet that that company was compromised. We could have lost our data if we rushed the deal. After discovering the vendor’s security issues, we incorporated specific legal provisions into the contract to protect the company.

It was during this experience we identified the opportunity for SecurityScorecard. 

We thought, "What if we could engineer a way that would allow one company a deep view into another company’s security posture that would be instant, accurate, and independently verifiable without having to ask permission or wait around for weeks for answers to important security questions?" 

We strongly believed there were non-intrusive ways to obtain a clearer picture of the security health of a company, which could really help speed up and complement the vetting process. This experience was an epiphany for us.

Read More