Yes, auditors from a security audit.
You could barely convince your auditors that using GitHub was okay? Well, my opinion of security audits is reaffirmed.
Security audits are just theater. If they were not, you could never convince them that using a platform feeding unlicensed source (including, apparently, from private repositories) to their commercial LLM is ever a pass.
8 replies →
We are EU based and have, among other customers, attorneys.
The CLOUD Act and more than just one or two cases of the US engaging in industrial espionage against its allies (1) make it a high legal liability to use more or less any service from a US company, even if it is in the EU and an EU subsidiary.
On GitHub we only have some code, which in any case always goes through additional testing and analysis before hitting production; this is why it's barely okay. No code from GitHub goes directly to production.
The only reason we were ever on GitHub is that we didn't always have sensitive customers, and switching CI over is always a pain.
So I don't know if you are implying they are incompetent for allowing GitHub or for wanting to not allow it, but both points have very good reasons.
(1): And I mean cases before Trump; the US (as in the top government, not the people) was always a highly egoistic, egocentric ally which never hesitated to screw over its allies when it came to economic benefits. The main difference is that in the past the US cared (quite a bit) about upholding an image of "traditional" values like honesty, integrity and reliability, especially when it would affect its trade routes.