The fund is called customers. The independent regulator is called the AICPA. It really comes down to who is paying attention

SOC2 is as useful as a privacy policy at protecting your data. It’s all humans following human incentives.

The value of SOC2 is that it does take some experience to be able to plausibly fake the evidence which weeds out people that truly have no idea what they're doing. It also provides a blueprint of the stuff you should be doing if you actually care.

But beyond that it's not worth a whole lot.

yeah it's funny to see some defense of this practice as "well the whole thing is pointless anyway so nothing is lost by defrauding folks". Pretty hollow argument

yes, the equivalent of looking at api spec and saying it's pointless because there's no implementation.

I feel like in the last five years all prior knowledge and art wrt infosecurity was lost from the "dev community". My guess is that hackers have an embarrassment of exploits and are being unusually quiet. I expect a series of major breaches/hacks over the next few months that are ignored and it just becomes normal to have all of your customer data dumped onto the public web. For example, the digital banking system could go under, and most kids would just download some new crypto app. It won't really matter that nothing replaces the dollar or our global banking infrastructure. The zeroing out of the financial system would just be the "coyote suddenly being affected by gravity".

There are a few, roughly.

Like the best options in most categories, they don’t spend a bunch of money or time on brand presence, advertising.

You simply find them.

The United States military?

Slow is smooth and smooth is fast.