A week ago WhiteHat launched Sentinel Elite, and with it we made a bold statement, perhaps one of the boldest statements any security vendor can make. We’re offering a financially backed security guarantee: if a website covered by Sentinel Elite gets hacked, specifically using a vulnerability we didn’t identify and should have, the customer will be refunded in full.
Since the announcement, the feedback we’ve received has been both incredible and incredibly interesting. It’s clear to us the concept of a ‘security guarantee’ strikes a nerve and we are finding that others in the industry have called for similar action. In fact, a recent report by ChangeWave (a subsidiary of 451 Research), entitled ‘Corporate Cloud Computing Trends’, says the following:
“We also asked about the importance of being offered a ‘security guarantee’ by cloud service providers. Three-quarters of respondents (74%) say it’s ‘Very Important’ that cloud providers offer a guarantee, and another 22% say ‘Somewhat Important.’ Companies not using cloud place a greater importance on security guarantees than current users. As such, security guarantees give cloud service providers an opportunity to attract new customers.”
Even Dan Geer (CISO, In-Q-Tel), in his Black Hat keynote, called for software liability: “the only two products not covered by product liability are religion and software, and software shall not escape much longer.”
Clearly, this is an idea whose time has come!
While many have been commending us for putting our money where our mouth is, which we appreciate, we’ve also been asked to do more. We heard multiple times that in the long run, a product refund is not substantive enough when compared to customer breach costs in the event of an incident — which could easily extend from six figures on up. And you know what? They are absolutely right! WhiteHat should have more skin in the game. So, we’re taking this feedback to heart and we are upping the ante:
Now, not only will Sentinel Elite customers receive a full refund in the event that their site is breached as a result of a vulnerability that we should have discovered but missed, we will also cover up to $250,000 in damages to the affected company.
Like we’ve said before, WhiteHat is serious about web security. We’re serious when we say a security vendor’s interests should be in line with their customers’. We encourage other vendors to follow suit and we encourage their customers to settle for nothing less. This is the best way to achieve better security outcomes, more secure software, and a more secure Web. Other industries have already done this. InfoSec can too!
For more information about Sentinel Elite, please click here.