@silverwizard If, as engineers might wish to, you tell the auditors "I don't meet any of the regulatory requirements, but look, I've done this other stuff which in my personal opinion is better targeted at the bad guys" then guess whether (a) you get certified and (b) you can then sell your uncertified product into a highly regulated marketplace.
Viss
•Not Simon 🐐
•the end user is the enemy.
And to quote Ender's Game:
"The enemy's gate[way] is down"
Ptisan
•gary
•Chris
•@infosec_jcp 🐈🃏 done differently
•Shh, don't talk about the insider threat, enabled by UK software, problem! 😅
#tcpdump them!!!! #audits
silverwizard
Hypolite Petovan
•Criminals: Unreliable.
Regulation: The only other certain thing apart from death.
Tim Ward ⭐🇪🇺🔶 #FBPE
•silverwizard
@Tim Ward ⭐🇪🇺🔶 #FBPE @Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified: that is indeed why we all do it
Regulation is good, but our law system is set up for arguing semantics, not public good
catte_salad_clone (Altytwo Altryness, BS :verified:)
•Dollar Parity
•ƨlloʜɔiИ miT
•Confirmed.
Source: multiple first hand direct experiences of being asked to advise on doing things right, only to see things descoped into doing just enough to address outstanding audit remarks, often scraping through on a technicality.
Matt Franz 🥥🌴
•Lightfighter
•Malfunction54
•Ash Doyle