Tangential to this but do ISO certifications make sense or are they security theater as well?
And another question but as a consumer, is there any certification which can meaningfully try to show if people/business take their security carefully or are all things security theater in that aspect and at some point, we just have to trust the enterprise and look for other signals of security (like for example blog posts which might show a deep-dive into security for example comes to my mind)
Not really. As long as current system where auditors are also clients of company being audited, the conflict of interest is too high.
Also, not to mention in many countries, the cost of getting breached is nothing so many companies are willing to just hope for the best and payout in case of the worst.
For enterprise sales you can get a SOC 2 Type I faster than any enterprise sale goes through. Typically, most enterprises are okay if you show them proof that you are "in the process" of getting the certification by showing them that you have signed up with one of those platforms (Delve, Vanta, etc.), so you would be okay to start only when you are about to close one of those enterprise deals.
Yeah, we got a signed letter of engagement from our auditor, which was enough to unlock a customer without having to go through any sidestepping process.
> If there is more congestion it is because you made some trips that were impossible before possible and so people are better using your city.
No, this means that the trip was made easier by car, not that a trip was impossible and is now possible.
> limiting the things people can do means you are a bad city.
Not building massive freeways everywhere != limiting the things people can do in a city. Building public transit and better cycling infra is a much more effective way to allow people to do more things.
> if you don't believe me explain why there is no congestion west of Jamestown ND - an area where few people live that has a 4 lane freeway which by your logic should have congestion anyway
Yes, in certain circumstances, you can build big enough roads where the capacity is greater than the demand. This does not work in populated areas with high demand. (This is incredibly well studied)
> this means that the trip was made easier by car, not that a trip was impossible and is now possible.
If someone chooses to not make a trip then I count it as impossible. I could walk across the North Pole to Europe, but I think everyone would agree when I say the trip is impossible anyway despite that.
> This does not work in populated areas with high demand. (This is incredibly well studied)
You absolute can and I disagree with the studies. Now I will agree that building 50 layers of highway bridges needed is not a reasonable thing to do, but it still a solvable engineering challenge if we wanted to put the money into it.
We were considering getting certified, but it only really makes sense if your customers require you to have it.
reply