throw310822 a day ago

> but the point is that someone cares

Is it true, though? Or has everyone just been psyched into asking for that certification out of a vague fear of "consequences" or of being left behind?

chromacity a day ago

It's not either-or. Companies care about security because of the consequences. If you're a big company contracting a small one, you don't want to get owned through that vendor because you know you'll be the one holding the bag (data loss, reputational damage, regulatory scrutiny, lawsuits).

Small vendors will tell you what you want to hear because they're desperate for your business. Independent auditing is, in theory, a way to get closer to the ground truth. Well, in theory.