Comment by twunde

Don't forget the cases where the companies are deliberately lying to customers. I worked at a company that pretty much lied to its customer's security teams about what they did. Not borderline, but claimed things they didn't do and didn't have plans to implement. This is what the SOC2 audit is for.