by koolba 1990 days ago
There’s the “executive” level of this stupidity where an app replaces their md5 OpenSSL calls with their own internal copy pasta of the function.

Look ma! We’re FIPS compliant now!

1 comments

Unfortunately, that happens because most regulations try to enforce a black-and-white rulebook, which is easy on the auditors but extremely difficult on those being audited.

I now think most compliance regulations are by auditors for auditors... :-D :-D