[tptacek]

Even that is false. Companies that follow these frameworks are performing security, at the expensive actually building security.

[SkyPuncher]

In my experience, the companies not following these frameworks aren't even _performing_ security.

Everyone here is correct that you need more than just these frameworks/audits to be secure. However, most companies that are secure following these frameworks. If you're secure, these frameworks are a no-brainer to certify against.

[tptacek]

No, I reject your premise, for all the reasons I've stated on this thread.