This reminds me of a few things I have learned about HackerSafe and similar services.
1) Pricing is negotiable. Joann.com paid $15,000/year for this service, but I am not sure why. My guess is that the average site can get HackerSafe or a competitor’s service for $500/year if you negotiate. HackerSafe’s largest competitor offered us the service for free for a year at one point just because they were trying to take business away.
2) Figuring out where to place the seal is tricky. HackerSafe makes claims about how much improvement you can see in conversion when using their service. However, any increase you see will largely be determined by how you position the seal on the site.
3) Companies like HackerSafe are good options for helping with the internal auditing now required by Visa/Mastercard.
4) HackerSafe has not always caught all of the security loopholes on our sites. On the other hand, they do better than I really expected. For example, they detected some SQL injection exposure that we had.
5) If you are going to use the HackerSafe seal, you have to manage your account so that they do not turn it off. This sometimes can get quite tedious. For example, in some cases, it may require you to upgrade software before you really wanted to. You may disagree with the alleged exposure they claim you have, but you really have no recourse other than cancelling the service.
So is this kind of auditing worth it? In my opinion, the jury is still out. First of all, you can sleep easier with their auditing, but you are fooling yourself if you think you are completely invulnerable to hackers. Secondly, our tests have never shown a significant increase in conversion when using the HackerSafe seal.