Comment by pmlnr
4 months ago
> Much of things boils down to doing a risk assessment and deciding on mitigations.
So... paperwork, with no real effect, use, or results. And you're trying to defend it?
I do agree with need something, but this is most definitely not the solution.
Putting in mitigations relevant to your size, audience and risk factors is not "no real effect".
If you've never considered what the risks are to your users, you're doing them a disservice.
I've also not defended it, I've tried to correct misunderstandings about what it is and point to a reliable primary source with helpful information.