Highest Rated Comments


MikeScops (15 karma)

Well, this always ends up in a chain of trust problem until you put your trust somewhere. Do you trust the software? Then the software server? Then the server host? Then the hardware? So as Derek mentioned, going for more transparency and explaining what we do is the right way to build trust between us and you, customers. To achieve this, there are multiple things that we do: for instance, open-sourcing more and more code, and getting our code and practices certified by neutral organizations (like ISO or SOC2).

MikeScops (10 karma)

I think this is a fun question because everyone has a different opinion on it. We all loved the Impala and at the same time were not sure how it relates to a password manager :s

MikeScops (8 karma)

Ah, we thought about it already and made a draft proposal, but it never got much traction :/ https://dashlane.github.io/password-changer-well-known/

MikeScops (7 karma)

Those frameworks guarantee a minimum base, on which you add regular audits by consulting firms and our internal security team. We also run a bug bounty program on HackerOne, so we let everyone try to find security issues in our programs and servers. Last but not least, we have a regular risk committee to review all the risks related to our product, architecture, employees… and to assess potential benefits of getting some certifications. In other words, do we trust them: yes; is it enough: no.

MikeScops (5 karma)

You can apply this schema to a large number of companies whose software or hardware you’re using