CISO · Trust Bundle

Enterprise procurement trust. Without the audit bill.

The Stackbilder CISO Harness generates a signed security posture bundle in minutes. Cryptographically verifiable by any enterprise buyer. Hosted at trust.stackbilder.com/<your-slug>. When controls change, re-run the harness — a new signed receipt, same page.

Invite-only while we calibrate the harness · signing infrastructure live 2026-04-18 · verifier advisory window through 2026-05-18

§ What you get

One signed bundle. Seven artifacts. One hosted Trust Page.

01 · Security Posture Overview (PDF)
Governance, access, data handling, incident response, and third-party risk — authored against the Stackbilder CISO Harness template.

02 · Threat Model — STRIDE (PDF)
Decomposition of your primary data plane. Threats identified, mitigated or accepted with rationale. DFD + attack trees.

03 · Data Flow Diagram + Classification (PDF + CSV)
Canonical DFD with trust-boundary crossings annotated. Classification matrix (Public / Internal / Confidential / Restricted) mapped to handling rules.

04 · Incident Response Plan (PDF · signed)
Roles, severity ladder, communication tree, and notification SLAs. Signable by the engineering lead.

05 · Shared Responsibility Matrix (PDF)
Control ownership split between you and your customers across identity, data, infrastructure, endpoint, and incident response.

06 · Subprocessor List (PDF + JSON)
Current subprocessors with purpose, data categories, and region. Machine-readable JSON for procurement automation.

07 · Questionnaire Response — CAIQ-Lite (XLSX)
CAIQ-Lite v4, pre-answered. Procurement teams can import directly into Vanta Trust or Drata.

+ · Hosted Trust Page (included)
A public page at trust.stackbilder.com/<your-slug> rendering the signed receipt and the bundle. Regenerated whenever your controls change.

Bundle generation and hosted page are both shipping. Per-artifact preview/download for the seven documents is rolling out during early access.

§ How it's different

The receipt is the contract.

Signed, not self-attested

Every claim — "universal MFA: enforced," "TLSv1.2+," "90-day log retention" — is bound into an HMAC-SHA256 signature over a canonical encoding. Edit one character and the signature breaks. You cannot quietly walk a claim back.

Verifiable by anyone

Your buyer's security team can hit verify.stackbilt.dev/<hash> directly and recompute the signature themselves. No login. No portal. No trust-me. 404 on unknown hashes with no existence leak.
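As an added illustration, not Stackbilder's code, here is a minimal model of the receipt scheme described under "Signed, not self-attested" and "Verifiable by anyone": claims are serialised to a canonical encoding, tagged with HMAC-SHA256 under a key selected by kid, recomputed by a verifier in constant time, and unknown hashes get no response at all rather than an existence hint. The key map, key ID, claim names and content hash handle are constructed assumptions; because HMAC is a shared-secret construction, whoever recomputes the tag must hold the same key as the signer.

```python
import hashlib
import hmac
import json

# Constructed stand-in for a kid (key ID) -> secret map. Only a party
# holding the secret can recompute an HMAC tag, so in practice this map
# lives with the verifier, not on a public page.
KEYS = {"2026-04": b"constructed-demo-secret-not-real"}

def canonical(claims: dict) -> bytes:
    """Canonical encoding: sorted keys, no insignificant whitespace, UTF-8.
    Any change to any claim changes these bytes, so the tag breaks."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sign_receipt(kid: str, claims: dict) -> dict:
    payload = canonical(claims)
    tag = hmac.new(KEYS[kid], payload, hashlib.sha256).hexdigest()
    # "hash" plays the role of the <hash> lookup handle in the verifier URL
    return {"kid": kid, "claims": claims, "sig": tag,
            "hash": hashlib.sha256(payload).hexdigest()}

def verify_receipt(receipt: dict) -> bool:
    key = KEYS.get(receipt.get("kid"))
    if key is None:
        return False          # unknown kid: cannot verify
    expected = hmac.new(key, canonical(receipt["claims"]),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison so a wrong tag does not leak via timing
    return hmac.compare_digest(expected, receipt["sig"])

def lookup(store: dict, h: str):
    """Verifier endpoint model: unknown hash -> None (a bare 404),
    known hash -> the canonical response with a verified flag."""
    r = store.get(h)
    if r is None:
        return None
    return {"hash": h, "kid": r["kid"], "verified": verify_receipt(r),
            "claims": r["claims"]}

# Constructed posture claims mirroring the examples in the text
CLAIMS = {"universal_mfa": "enforced", "tls_min": "TLSv1.2",
          "log_retention_days": 90}

def demo():
    receipt = sign_receipt("2026-04", CLAIMS)
    store = {receipt["hash"]: receipt}
    ok = verify_receipt(receipt)
    # Edit one character of a claim (90 -> 30): the tag no longer matches
    tampered = dict(receipt, claims=dict(CLAIMS, log_retention_days=30))
    return ok, verify_receipt(tampered), lookup(store, "0" * 64)
```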

Regenerable

Controls change — new subprocessor, tightened IR plan, rotated keys. Re-run the harness, sign a new receipt, publish it to the same Trust Page. Prior receipts remain verifiable for historical record.

§ Pricing

One-time bundle. Optional hosting.

Trust Bundle · $499 · one-time
  • Seven signed artifacts
  • HMAC-SHA256 receipt
  • Public verifier access
  • CAIQ-Lite pre-filled
Email for invite

Trust Page hosting · $149/mo · bundle required
  • Hosted page at your slug
  • Unlimited regenerations
  • Receipt history preserved
  • Procurement-ready downloads
Email for invite

Trust Bundle is invite-only while we iterate on the harness. Request an invite above; we'll open purchase when the calibration window closes and the invite allowlist ships.

FAQ

Is this an alternative to SOC 2?
No — it's a complement. SOC 2 is what your buyer's procurement team eventually requires at contract scale. A Trust Bundle is the cryptographically honest artifact you hand them while you're still nine months out from a completed audit. It doesn't replace the audit; it substantiates your posture claim in the interim.

Who can verify a receipt?
Anyone with the hash. The public verifier at verify.stackbilt.dev/<hash> is anonymous, rate-limited, and returns the canonical response. Your buyer's security team can recompute the signature locally against our published kid (key ID) map.

What happens when our posture changes?
Run the harness again. You get a new signed receipt, which replaces the live one on your Trust Page. Prior receipts remain verifiable — they don't disappear, they just aren't the current posture. A reviewer hitting an older receipt hash gets a timestamped attestation of what you claimed on that date.

What's the calibration window?
The verifier went live 2026-04-18. For the 30 days following (until 2026-05-18), non-verified results are advisory — we're confirming that the verifier does not return false negatives on legitimate receipts before wiring "verified: false" into downstream auto-blocking flows. Trust Pages display a small advisory banner during this window.