Imustaskforhelp a day ago
Tangential to this, but do ISO certifications make sense, or are they security theater as well? And another question: as a consumer, is there any certification which can meaningfully try to show if people/businesses take their security carefully, or are all things security theater in that aspect, and at some point we just have to trust the enterprise and look for other signals of security (for example, blog posts which might show a deep dive into security come to my mind)?
stackskipton 18 hours ago
Not really. As long as the current system is one where auditors are also clients of the company being audited, the conflict of interest is too high. Also, not to mention, in many countries the cost of getting breached is nothing, so many companies are willing to just hope for the best and pay out in case of the worst.