A dumb questionnaire for security

Jacob Kaplan writes:

This questionnaire is designed for smaller, probably early-stage companies who need to evaluate a vendor..This is for some SaaS product that’ll have particularly high security impact – i.e. a breach of the vendor would be a major, potentially company-ending event. If you’re just trying to decide which ticket tracking system to use, again: just buy one and move on.

I would personally prefer independent security audits, automated at scale for constant evaluation, instead of a “one-off” event (paid for by the company itself) just for compliance. It should be made mandatory by the regulating agencies to have the most comprehensive review. Security by design is not the end goal but should remain a benchmark, as part of the licensing and compliance costs for the organisations. I understand that it is wishful thinking (at times) but an important policy goal.
