Rami's Wiki

    Soc2

    1. (tptacek) Latacora's SOC2 Starting Seven
    2. (tptacek) Fly.io's SOC2 experience: see especially "What We Didn’t Let SOC2 Make Us Do"
    3. Tailscale's SOC2 experience: see especially open-source components like the ToBeReviewedBot and their security-policies
    4. Sarah Harvey on Security, Cryptography, Whatever (also ... tptacek again): interesting discussion of the vendor security review (customer) perspective
    5. Vanta's 5 Principles for building a secure product (aka Before SOC 2)
    6. RunReveal's SOC2 Type 1 experience: see especially a discussion of the benefits of avoiding containers
    7. Greynoise - SOC2 For Startups
    8. WarpBuild's SOC2 Experience: includes guide to evaluating compliance automation tools, and full timeline of process

    Related Perspectives

    9. SOC2 Suck — A False Sense of Security

    10. Charity Majors: Compliance & Regulatory Standards Are NOT Incompatible With Modern Development Best Practices
    11. Substrate - SOC 2 compliance for startups and first-timers (part 1), part 2, part 3, part 4

    Selecting Vendors and Auditors

    • soc2.fyi
    • FusionAuth - SOC 2 - Inside The Matrix