
What happens when a startup decides to build an entire ecosystem around trust?
In our interview, hosted by Bishop Fox CEO Vinnie Liu with guests Brendan O'Connor, CEO of AppOmni, and James Dolph, CISO at Guidewire, we uncovered the origin story of Salesforce's AppExchange: a program that didn't just create a marketplace but fundamentally changed how application security is handled at enterprise scale.
The Trust Revolution Begins
The conversation reveals something remarkable: in 2007, when cloud computing was still met with skepticism and enterprises clutched their on-premises systems, Salesforce made a bold bet. They created the world's first Chief Trust Officer role and built security standards that would enable thousands of small developers to sell directly into enterprise accounts.
"Nothing's more important than trust," Salesforce CEO Marc Benioff declared early on, according to Brendan O'Connor, former Salesforce Chief Trust Officer. "If customers don't trust us with their data, we don't have a business." This wasn't just corporate speak; it became the foundation for an entirely new approach to marketplace security.
O'Connor explains how they solved what he calls "the number one security problem": executive alignment. "When your CEO genuinely believes security is existential to the business, everything changes."
From Manual Reviews to Automated Scale
The evolution from manual processes to automated systems offers crucial insights for any organization building a security program. The Salesforce product security team began with basic vendor due diligence ("Are you a real company with real people?") but quickly realized they needed technical depth.
The breakthrough came when they recognized a fundamental truth: you can't automate what you don't understand. They hired smart people to "blaze a trail through the jungle," as O'Connor puts it, then systematically automated the repeatable parts.
Their partnership with Checkmarx, a tiny startup at the time, exemplifies this approach. Instead of trying to scale human reviewers indefinitely, they invested in tooling that could analyze Salesforce's proprietary Apex language, creating a foundation for both internal review processes and partner enablement.
The Economics of Trust
Perhaps most interesting was the financial model. The AppExchange listing fee, which grew from $1,500 to a few thousand dollars, barely covered the cost of testing. Salesforce actually ran the program at a loss, viewing it as an investment in ecosystem trust rather than a profit center.
This decision enabled smaller companies to access enterprise markets they could never reach independently. As Dolph notes, they were teaching startups "how to sell upmarket" by providing the security foundations that enterprises demanded.
Lessons for Modern SaaS Security
Looking back, both leaders identify key improvements they would make today. O'Connor emphasizes starting with business metrics from day one and establishing clear risk-appetite discussions with leadership. Dolph advocates for faster feedback loops with product teams and for building what he calls "Product Defense" capabilities earlier.
Their advice for current security programs? Start manual, understand the problem deeply, then automate intelligently. Don't lead with tools, or your program will inherit their limitations.
As O'Connor observes, "SaaS is the new OS of business." The AppExchange model created a template for how security can enable business growth rather than constraining it. By establishing trust frameworks that scale, they demonstrated how collaborative security between vendors and customers creates stronger outcomes for everyone.
The conversation offers more than historical perspective; it provides a highly successful blueprint for building application security programs at scale, while maintaining the trust that makes everything else possible.