Chase Lee, Trustpage: “software industry should start using transparency to usher in a new age”

November 25, 2022

As more software solutions are launched, businesses are looking for ways to make theirs stand out from the crowd.

Innovative features and services will surely increase the attractiveness of your product. However, given the post-pandemic spike in cyberattacks, its most important attribute will end up being its level of security. After all, it is software defects and vulnerabilities, not flaws in antiviruses or firewalls, that allow hackers to succeed in cyberattacks.

As detecting software problems and completing security assessments can be a time-consuming and frustrating process, CyberNews reached out to Chase Lee, CEO of Trustpage—the only end-to-end TrustOps platform that works with security review procedures.

How did Trustpage originate? What has your journey been like since?

I've been fortunate to be deeply involved with cybersecurity and software for more than twenty years. While building my last company, Ambassador, we quickly ran into the challenges of not only implementing a security program but also ensuring our customers and the market that our software was safe to use. We learned how hard it was to make sure the software we were buying adequately protected our data and, in turn, our customers' data. 

A security review boiled down to a massive spreadsheet of hard-to-understand questions emailed back and forth. And when attempting to perform our own diligence, we found the process incredibly discouraging, as most vendors treated it as a cost center rather than an asset and looked to do as little work as possible to earn our trust. 

I teamed up with a few ex-Ambassador employees to take a first pass at solving the problem; the rest is history. In just 2.5 years, we’ve built the only end-to-end security review platform designed to automate security reviews. We’ve continued to change the narrative around software, ensuring that buyers and sellers alike have access to the security information they need to make informed decisions about what software they’re using. This is only the beginning. 

It is evident that establishing trust is the key goal at Trustpage. Can you tell us a little bit about what you do?

Trustpage is the industry-leading security review platform. Software companies spend hundreds of hours attempting to prove that they can trust the software they’re buying or selling.

The Trustpage suite of tools provides organizations the ability to complete the security review process with ease and gives software buyers peace of mind.

What are the best practices companies should follow when developing and when launching software?

The most pervasive advice that we give our customers, large and small, is to get started building your software on top of a strong security foundation and not to treat security as an afterthought.

When software is built on a strong security foundation, our customers can use their security as a revenue driver and differentiator against their competition.

How did the recent global events affect your field of work? Have you noticed any new cyber threats arising as a result?

Almost all of our data flows through companies, and about 2.5 quintillion bytes worth of data is generated each day. As a result, the tools we rely on in our daily lives have become the biggest target for the crime we've ever known.

In fact, if cybercrime were a nation, it would be the third largest world economy behind the US and China, dwarfing the entire global drug trade. Cybercrime will cost the world $10.5 trillion annually by 2025. Even these alarming numbers fail to capture the real human harm done by cyber criminals every minute of every day.

While society has taken monumental steps like the GDPR to safeguard data better, our ability to wage war on cybercrime remains fragile at best. Over 3.5 million jobs in cybersecurity will go unfilled this year, and with an unemployment rate of 0% for the past 10 years, there are simply not enough cybersecurity professionals to go around. The talent gap is only expected to get worse. Our goal is to make the world a more secure place while increasing the efficiency of cyber professionals, so we can do more work with less.

What practices or security tools do you think every company and individual should implement to combat these new threats?

Our biggest suggestion, of course, is to document your security policies and posture clearly in your own Trust Center.

Although there are plenty of security solutions and providers available on the market, certain companies and individuals still struggle to upgrade their cybersecurity posture. Why do you think that is the case?

We’ve seen companies struggle most to make the case for prioritizing security upgrades. Whether due to expense or time-based excuses, cybersecurity has historically been an afterthought that companies have patched together in the form of band-aid fixes. Working towards a SOC 2? Make sure you patch X, Y, and Z issues in order to reach that milestone.

While a paradigm shift has begun to center security solutions as a positive and proactive measure, many companies still view their InfoSec teams as purely a cost center. We recently hosted a webinar on this topic alone, because here at Trustpage we believe that improved security postures can improve win rates and drive increased revenue.

Not everyone has joined us in that belief yet. Many companies are still attempting to cut costs and invest less time, ultimately leaving them to prioritize lower on their to-do lists and deal blows to their security postures.

Keeping up with privacy policy requirements can sometimes be complicated. What details do you think are often overlooked by organizations?

Privacy policy requirements aren’t actually complicated, but they can seem that way without taking time to understand or analyze them. These privacy-focused frameworks, like CCPA and GDPR, often revolve around many of the same basic privacy principles:

  • Opt-in to data collection rather than opt-out.
  • Safeguarding user data against unauthorized disclosure.
  • Transparent data collection, processing, and sharing.
  • Data retention periods and ability to manage one’s collected data.

While companies don’t typically intentionally overlook these common requirements, they do implement band-aid solutions to complete a certification or cross an item off their list. More often than not, we see that neglecting to treat privacy requirements with the level of attention they deserve is the root of most concerns.

We recommend companies stand in their users' shoes while writing their privacy guidelines. Privacy requirements are also part of their customers' experience, so taking the time to make this a hiccup-free, and perhaps even positive, experience for their users is important.

In your opinion, what data privacy issues should more people be concerned about?

We’re particularly weary of the widespread use of Third-Party Cookies by every website across the internet. Last winter, we launched a campaign highlighting the history & future of the web cookie & how to check for third-party cookies on your site. 

With the rise of social media applications like Facebook, Instagram, and TikTok, we’re also keenly aware of the data that we create as users of the internet.  

Would you like to share what’s next for Trustpage? 

Our team recently launched the largest online directory of software security policies sourced from around the web.

As an organization, you have the right to know how your third-party vendors and partners are handling your data. Your reputation can be easily damaged by a vendor's weak security program, or even worse, cause your organization to shut its doors. In simple terms, this is the risk you are evaluating when deciding to purchase a third-party’s software products and services. With the stakes this high, it seems like a no-brainer that you should have the right to access knowledge about your vendor's security posture.

For far too long, users have had to go through a gauntlet of account executives, support channels, and paywalls (Enterprise-tier only) to get the information they need. Surfacing the security policies of the tools that power our lives every day is one of the most powerful ways we can create a shift in the way the world views InfoSec.

In an ever-advancing world, Trustpage is convinced the walled garden approach is ineffective, so we're doing something about it. Transparency is key to curbing the rise of cyberattacks. We believe the winners in the marketplace will be organizations that don't shy away from conversations about trust and security – leading with trust will be the strongest competitive advantage any organization can have.

Trustpage believes the software industry should start using transparency to usher in a new age of sharing security information with customers and partners. In one seamless tool, users can now:

  • Search the most comprehensive and up-to-date InfoSec information for thousands of companies, including first-party data from Trustpage users and third-party information we’ve gathered from around the web.
  • Evaluate companies with our Compare tool, so you can make more informed decisions on vendors you’re evaluating.
  • If you’re a business owner, you can claim your profile to update and expand on your security posture, all for free.

This article was originally published on October 25, 2022.