Comment by bpt3
10 hours ago
Okay, if you want to pass responsibility off to someone else, how does the third-party auditor do it?
I'm not talking about checking a compliance box, I'm talking about actually confirming no backdoor exists.
10 hours ago
That's proving a negative. You are always going to end up with something like 'to the best of our ability'.
You figured it out. It's trivial to include a backdoor in a large system of systems, and one placed by a remotely competent adversary will not be found.
So what's the point of a regulation that can't be enforced?
So you claim it's never possible to audit anything?