That seems straightforward to do (although difficult finding great developers to assess this stuff):
- Development process (Agile, Scrum, Waterfall, Panic, etc.)
- Architecture
- Testing processes
- Pentesting
- Credentials of all of the developers
- Credentials of the managers
- Even the presence of physical security
There's already "cybersecurity" insurance and surely someone from that industry could join and tell you how to price security features and processes: https://www.dhs.gov/cybersecurity-insurance
I can't really speak against it not being worth it for the insurance company though. How do you build a cheap but high coverage insurance product for startups that have limited cash?