by tr0ut 1978 days ago
I asked because I've heard more than once that a company either stretched the truth or outright lied on these questionnaires.

So stretching the truth could be:

Do you adhere to NIST?

The truth could be: "well not exactly but that's on our roadmap, we do some things that are close enough." That would get a 'YES' check.

Or something like end to end encryption. The answer could be a 'YES' because a company uses front-end TLS and pretends to not completely understand the ask.

In this case it is mostly the business either forcing security to bs or another group (Sales?) filling out the response untruthfully because they are losing revenue if they're honest.