When you read the rest of the article, nothing really shows this claim. Use of SSL is very common; how is this “most advanced”? What proves that their server follows best security practices, as this story reveals even a specialized security company doesn't follow them?

So how do you get insurance that their code is really robust? What tools? If you use these tools to fake attacks, they may retaliate, for example, so it's not very practical.

This is not targeted especially at Salesforce; this is a more general question about SaaS or PaaS. If you use such services to integrate with your site, how can you ensure that the security is handled correctly, knowing that you cannot trust only claims? This is a big question you need to answer for corporate management when you choose such a solution. How can you answer if they want proof?

How can you trust any SaaS claims? Leave their security ones.

I think it boils down to trust and marketing. In the end, since the software is not hosted on our servers, we don't know for sure if they really are secure. We can't force guys like Salesforce to make guarantees either. I would love to see a third-party website that reviews all these SaaS applications and reports on their downtime, security, issues, etc.

