HackerTrans
トップ新着トレンドコメント過去質問紹介求人

arjavmehta

no profile record

投稿

Show HN: Built a verifiable, open-source SoC 2 readiness scanner

loxeai.com
2 ポイント·投稿者 arjavmehta·2 か月前·0 コメント

Open-source AWS evidence collector for SoC 2 audits

loxeai.com
1 ポイント·投稿者 arjavmehta·2 か月前·0 コメント

コメント

arjavmehta
·2 か月前·議論
[dead]
arjavmehta
·2 か月前·議論
[flagged]
arjavmehta
·2 か月前·議論
Yes, its very possible.

What's most important for you would just being able to prove to your customers that you do what you say you do.

The core issue isn't SOC 2, it's verifiability. Your customers want to know that what you claim about your security posture is actually true, not just documented.

I've actually been deeply exploring the compliance space lately and a few days ago I built an open-core pre-audit readiness layer. Every finding traces back to the raw AWS API call that produced it, SHA-256 hashed. An auditor or skeptical customer can verify it themselves without taking your word for it.

Its more SOC 2-esque, & its pre-audit readiness not a certification, but it does the job of proving you are trustworthy.

repo if relevant: https://github.com/adog0822/AWS-Evidence-Layer

(I built this, disclosing upfront)
arjavmehta
·2 か月前·議論
[flagged]