
virtue3 | 12 days ago

At best it's "cover your ass security" so when you do get pwned you can say you went through an "accrediting auditor" - blah blah blah.

Agreed on everything you said. Just wish there was a more efficient way to do things :/


jamesfinlayson | 12 days ago

Yep, some stakeholder wants a pen-test or an audit so you do it and address the findings to keep them happy. Going through it now at work - bunch of silly findings because the pen testers know they don't get paid to send back an empty report and tell you everything is fine.