• 0 Posts
  • 7 Comments
Joined 9 months ago
Cake day: March 2nd, 2024



  • Yup, but you have to think, “How would malicious software/spyware/whatever get into our source code, and if it does, how would we detect it?”

    That’s where ISO and SOC II add value and give some assurance that detective, preventative and corrective controls exist and are working to prevent an issue.

    If the company maliciously inserts backdoors into closed-source code and sells it like that, no amount of external audit is going to defend against that, because they’ll just hide the code from the auditors.