tptacek a day ago
The damage this will do to the reputation of the SOC2 Security Attestation is incalculable.
coryrc a day ago
As someone unfamiliar with the topic, should I read this comment as very dry humour?
kirubakaran a day ago
Incalculable due to division by zero error
colechristensen a day ago
Does SOC2 in general have a particularly high reputation? The only security compliance frameworks that have any particular reputation with me are the ones associated with the Department of Defense where the consequences range between a slap on the wrist warning or a small 5-figure fine to execution for espionage (which only ever happened for Julius and Ethel Rosenberg, though one could imagine there may have been more, uh, unofficial consequences that nobody ever heard about). In other words, people actually care about the enforcement of security standards in meaningful ways and there are meaningful consequences. Everything else... well they're all at least a little better than a participation trophy and the process proving you're trying isn't meaningless. It's just not been my experience with these things that they're particularly good guarantees that the spirit embodying the compliance program is actually being done particularly well.
jiveturkey a day ago
I don't think you can really descend below zero?