Comment by bpt3
8 hours ago
Okay, if you want to pass responsibility off to someone else, how does the third party auditor do it?
I'm not talking about checking a compliance box, I'm talking about actually confirming no backdoor exists.
So you claim it's never possible to audit anything?
That's proving a negative. You are always going to end up with something like 'to the best of our ability'.
You figured it out. It's trivial to include a backdoor in a large system of systems, and one placed by a remotely competent adversary will not be found.
So what's the point of a regulation that can't be enforced?