Hacker News
by bawolff 993 days ago
> And then there are those who just want to see a documented risk acceptance and will happily tolerate some criminally insecure or stupid shit

The job of an auditor isn't to make you secure, it's to make sure you aren't lying about implementing your security policies. If your policies are stupid, all they are going to do is ensure you follow your stupid policies.