MikeScops
Highest Rated Comments
MikeScops10 karma
I think this a fun question because everyone has a different opinion on it. We all loved the Impala and at the same time were not sure how it relates to a password manager :s
MikeScops8 karma
Ah, we thought about it already and made a draft proposal, but it never got much traction :/ https://dashlane.github.io/password-changer-well-known/
MikeScops7 karma
Those frameworks guarantee a minimum base, on which you add regular audits by consulting firms and our internal security team. We also run a bug bounty program on Hackerone, so we let everyone try to find security issues in our programs and servers. Last but not least, we have a regular risk committee to review all the risks related to our product, architecture, employees… and to assess potential benefits of getting some certifications. In other words, do we trust them : yes, is it enough : no.
MikeScops5 karma
You can apply this schema to a large number of companies you’re using the software or hardware
MikeScops15 karma
Well, this always ends up in a chain of trust problem until you put your trust somewhere. Do you trust the software ? Then the software server ? Then the server host ? Then the hardware ? So as Derek mentioned going for more transparency and explaining what we do is the right way to build trust between us and you, customers. To achieve this, there are multiple ways that we do: for instance open-sourcing more and more code, and, getting our code and practices certified by neutral organizations (like ISO or SOC2).
View HistoryShare Link