Ask HN: How do you vet that they take security seriously?
2 by jfolkins | 1 comments on Hacker News.
The term "We take security seriously" has almost become a joke. Every corporation or company throws it around. Recently, on a vulnerability disclosure, a megacorp stated that very line but then proceeded to hide critical details and handle things poorly. What is the sniff test for you when deciding if a company actually does in fact take security seriously? Also, what companies are more progressive and are actively pushing security as a differentiator? I seem to remember a company recently that not only had 3rd-party code audits performed but they even disclosed details of what the auditor found. I cannot, however, recall the name. Thanks.