I wish this were a new business idea for me but it’s not. Something like this would take the deepest of pockets and the most connected management team imaginable. Starting from the premise that there are bodies like PCI and HIPPA for certain types of data security; we are likely to see new ones for AI and machine control systems… much in the way that there are certifications for electrical enginees … and other certain professions.
Strictly taking PCI and modern secirity concerns into account “we”, people in the software development business, have a massive attack surface area. Almost everything we have been building over the last 25 years has experienced a dramatic increase in productivity, however, managers and management fails to understand why… In the last 25 years we stopped writing applications and started assembling them.
Has anyone you know ever said “I built a new gaming PC”? Unless that person actually drew the circuit layout on the PCB and selected the chips it was assembly.
What happened in the last two decades is the rise of open source and the cheapness of corporate entities to get started. And while all might have been good in the beginning and especially when the internet was weak and slow it’s all moving toward the perfect storm. While “we” are assembling our projects how can we be assured that the tools and libraries that we integrate are from a trusted source.
So my recommendation for a business is a complete currated stack.