|
|
|
|
|
|
by pixl97
461 days ago
|
|
|
>coming up with requirements that required something closer to real security Being in security for years now, I'm not sure that's possible. At the end of the day real security is a massive onion with lots of layers. Most of the time I'm dealing with crappy security consultants I would not say their recommendations are made up whole cloth. I would say misapplication of requirements from different security contexts is one of the most common problems, and after that examining shallow issues for checkboxes rather than fundamental issues of applications. |
|
|