i open the I Ching
i open the I Ching
a pretty grafana dashboard? peak web traffic looks a lot nicer than i thought!
go on, squeeze in one more unelected prime minister before the election!
yes so you’re agreeing with me
Yup, but you have to think “how would malicious software/spyware/whatever get in our source code and if it does, how would we detect it?”
that’s where ISO and SOC II add value and give some assurance that detective, preventative and corrective controls exist and are working to prevent an issue.
If the company maliciously inserts back doors into closed source code and sells it like that, no amount of external audit is going to defend against that because they’ll just hide the code from the auditors.
the closest you’ll get is probably SOC II Type 2 or ISO 27001. While nowhere near perfect, those certifications validate that organisational controls such as change management, employee background screening, SDLC and production access controls functioned over the past 12 months. An external audit by an accredited specialist is required to obtain those certifications.
give them a break - it’s taking all their time, money and energy to lobby for cheap, high quality, long range, compact vehicles made in Asia to be banned from the US or tariffed into oblivion.
Theresa May is stepping down. Liz Truss sadly remains although we’ll see what the general election brings.
jokes on them I already sent in my postal vote