by smaller-infinty
459 days ago
I think that, at least for B2B software, there's a lack of appreciation here for the role compliance plays. The author cites both Google's and Microsoft's office tools, but they really suck. My fiancee has to use Microsoft, and now I do too; no one likes them! Their janky online office actually deletes text as I type! However, I know that the only reason my company is using it is because it makes compliance really easy, and they just don't have the bandwidth to take on more. This is further complicated by Microsoft's, let's say, not great security record, which indicates that security compliance is really more of a box-checking activity than anything else. This is where Europe could come in. By lowering the barrier or, even better, coming up with requirements that required something closer to real security, you could seriously challenge these US companies.

Being in security for years now, I'm not sure that's possible. At the end of the day, real security is a massive onion with lots of layers. Most of the time I'm dealing with crappy security consultants, I would not say their recommendations are made up whole cloth. I would say misapplication of requirements from different security contexts is one of the most common problems, and after that, examining shallow issues for checkboxes rather than fundamental issues of applications.