Posted by freddykruger 1 day ago

Delve – Fake Compliance as a Service (deepdelver.substack.com)
421 points | 139 comments | page 3
ipython 3 hours ago|
> the price quickly dropped to just $6,000 when they realized we were serious about going elsewhere, and they would throw in ISO 27001 and a 200 hour penetration test as well.

I'm sorry, but... $6,000 / 200 == $30 / hour? Just assuming the value of the actual certifications is $zero?

Wouldn't that raise some serious red flags?

codegeek 3 hours ago|
$6000 for both SOC 2 and ISO 27001 with pen tests? lol. I paid over $8k just for ISO 27001 for our small company and have been quoted a lot more for SOC 2.
fantasizr 5 hours ago||
there needs to be a fund with an ethos of "move slowly and do things accurately"
sunir 5 hours ago||
The fund is called customers. The independent regulator is called the AICPA. It really comes down to who is paying attention.

SOC2 is as useful as a privacy policy at protecting your data. It’s all humans following human incentives.

Spivak 4 hours ago||
The value of SOC2 is that it does take some experience to be able to plausibly fake the evidence which weeds out people that truly have no idea what they're doing. It also provides a blueprint of the stuff you should be doing if you actually care.

But beyond that it's not worth a whole lot.

fantasizr 4 hours ago||
yeah it's funny to see some defense of this practice as "well the whole thing is pointless anyway so nothing is lost by defrauding folks". Pretty hollow argument
neutronicus 4 hours ago|||
The United States military?
hrimfaxi 4 hours ago||
Slow is smooth and smooth is fast.
DANmode 5 hours ago||
There are a few, roughly.

Like the best options in most categories, they don’t spend a bunch of money or time on brand presence, advertising.

You simply find them.

pkilgore 2 hours ago||
Slopliance?
laidoffamazon 9 hours ago||
Major red flag with this should have been that their expensive marketing predicated heavily on them being MIT dropouts instead of any expertise in the space
gmerc 5 hours ago||
Well now we know how Cluely and friends can claim to be SOC2 compliant.
rvz 5 hours ago||
Notice how none of Delve's affiliates on X are posting anything after that Substack post. Probably their lawyers told them not to say anything further.

What does that tell you about the scam that was unveiled?

Not good.

JimDabell 5 hours ago|
The only thing it tells us is that they have received competent legal advice. Any counsel is going to tell you to shut up regardless of whether you are in the right or wrong.
latchkey 4 hours ago||
I've been talking about this for a while now. For those of you thinking... Oh, I use a "good" company... think otherwise.

https://x.com/HotAisle/status/1946302651383329081

The whole thing is a racket.

imaurer 4 hours ago||
vibe compliance
claudiug 5 hours ago||
wow, cannot imagine now companies that tool the compliance, and get deals just to be fake. uff...
frenchie4111 5 hours ago|
wow you guys really delved into this