by 0xmutt
1071 days ago
I agree with this notion. The issue is you need the security attestation and certifications to give folks in the sales cycle the warm fuzzies. These pedantic measures are directly a pathway to sales enablement and revenue. The actual securing and maturity work is a side benefit. On the other side of the coin, if a vendor does not have paperwork and evidence to support their programs - how does one as a purchaser or security reviewer verify? Organizations only act truthfully to an extent that benefits them. Quality of audits and supporting paperwork is a real mixed bag. Unless you’re an Amazon, you’re not going to get the chance to audit your vendors and subprocessors outside of reviewing this type of documentation. The entire process is broken.