@silverwizard If, as engineers might wish to, you tell the auditors "I don't meet any of the regulatory requirements, but look, I've done this other stuff which in my personal opinion is better targeted at the bad guys" then guess whether (a) you get certified and (b) you can then sell your uncertified product into a highly regulated marketplace.
Viss
in reply to ChatJERRYPT
Not Simon
in reply to ChatJERRYPT
the end user is the enemy.
And to quote Ender's Game:
"The enemy's gate[way] is down"
Ptisan
in reply to ChatJERRYPT
gary
in reply to ChatJERRYPT
Chris
in reply to ChatJERRYPT
@infosec_jcp done differently
in reply to ChatJERRYPT
Shh, don't talk about the insider threat, enabled by UK software, problem!
#tcpdump them!!!! #audits
silverwizard
in reply to ChatJERRYPT
Hypolite Petovan
in reply to silverwizard
Criminals: Unreliable.
Regulation: The only other certain thing apart from death.
Tim Ward #FBPE
in reply to silverwizard
silverwizard
in reply to Tim Ward #FBPE
@Tim Ward #FBPE @Jerry Bell that is indeed why we all do it
Regulation is good, but our law system is set up for arguing semantics, not public good
Altytwo Altryness, BS
in reply to ChatJERRYPT
Dollar Parity
in reply to ChatJERRYPT
Dr ƨlloʜɔiИ miT
in reply to ChatJERRYPT
Confirmed.
Source: multiple first hand direct experiences of being asked to advise on doing things right, only to see things descoped into doing just enough to address outstanding audit remarks, often scraping through on a technicality.
Matt Franz
in reply to ChatJERRYPT
Malfunction54
in reply to ChatJERRYPT
Ash Doyle
in reply to ChatJERRYPT