Hacker News
by staunton 1136 days ago
Security teams focus on requirements and objectives which are set by far removed entities and at vastly different generality and abstraction levels, often with objectives other than "make sure we and our customers don't get hacked", such as limiting legal liability and navigating a complex landscape of regulation and best-practice recommendations, ignoring which can also lead to legal liability. It should be no surprise that these have little overlap with actual security problems arising in their particular context.

A good security team will manage to find the time to also identify and address the actual concrete security issues.