Hacker News

To be honest, I would even go further: if you think certification equals security, you are even more lost.

So many controls are dubious, sometimes even actively harmful for some set-ups/situations.

And even more so, it's also perfectly feasible to pass the gates with a burning pile of trash.



And they do not track the industry at all, at best they'll help you win the war of five years ago.


Imagine my face when I had to take periodic backups of stateless, immutable read-only filesystem, non-root containers for "compliance".


Maybe that's just a good moment to review your _policy_. About a half of our compute is exactly that, and we just don't have to do this sort of backups, that'd be silly.

We don't deal with the military though, only fintech (prime brokers and major banks, funds), some government. Plenty of certifications (have someone on site all year round), no silliness.


That's hilarious :)

Good morning to you too...



