Comment by zobzu
6 days ago
I've seen: "but iOS can be jailbroken and it doesn't have an AV!" while the MDM does not allow jailbroken devices, and they also allowed sudo on Linux.
Auditors are clueless parasites as far as I'm concerned. The whole thing is always a charade where the compliance team, who barely know any better, try to lie to the auditor, and the auditor picks random items they don't understand anyway. Waste of time, money and humans.
At best it's "cover your ass security", so when you do get pwned you can say you went through an "accrediting auditor" - blah blah blah.
Agreed on everything you said. Just wish there was a more efficient way to do things :/
Yep, some stakeholder wants a pen-test or an audit, so you do it and address the findings to keep them happy. Going through it now at work - a bunch of silly findings, because the pen testers know they don't get paid to send back an empty report and tell you everything is fine.