Sure, most companies could add an About section and probably put this behind them pretty quickly. They could have even hired someone like Delve to assure this kind of thing wouldn’t happen again.

But Delve themselves can’t really do any of that. They’ve screwed up on a fundamental piece of their own business model. Their core offering *is* Compliance as a Service!

How could I trust their word that they’ll ensure my company is compliant? How could I trust their word that a company I’m doing business with is compliant? They can’t even handle their own Apache 2.0 licensed works, and that’s child’s play- relatively speaking. I’m supposed to trust that they can handle PCI and HIPPA and all the rest for other companies?

This is like having a dentist who doesn’t brush and floss their own teeth. Or a building inspector working out of a moldy office suite with exposed rebar. Or an editor with a personal website full of typos and grammatical errors. It’s a dealbreaker to anyone with common sense.