by spydum
3013 days ago
I agree with your points. I think mostly the problem is there is no one specific place to find the list of "appropriate" methods to achieve the objective. Someone working in the infosec field could probably spit them out, but a dev may not be so up to date on such nuances.
|
In that kind of situation, you'll probably end up getting measured against something between 'industry normal practice', and 'industry ideal practice'.
If you don't expect to actually get prosecuted or audited for compliance by a client or whatever, this probably doesn't matter much.
If you do, then you should probably look at whether an infosec consultant would pay for themselves in terms of avoiding fines or winning contracts.