by yread
827 days ago
> There’s also the “our lawyers made us choose our technology stack” excuse, the enterprise version of “the dog ate my homework:”

This is a real thing. Even if you think including complex random unaudited open source software with huge attack surface doesn't endanger your security, it does significantly increase the amount of work you need to do if you want ISO 27001 or similar cert.

Not true in my experience. We used a lot of "open source" software at work but that didn't matter in the certification. Maybe it depends on the auditor.