So they need to certify that the third party has the right processes in place, a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		breadwinner on July 20, 2024 \| parent \| context \| favorite \| on: Ask HN: Can anyone from Crowdstrike explain the ba... So they need to certify that the third party has the right processes in place, as opposed to certifying the binary output. Look up SOC 2.

isbvhodnvemrwvn on July 20, 2024 [–]

You can do checkbox exercises all day, won't make a difference.

Nearly all banks have long long lists of certification, they still have extremely bad customer-side security processes because you can "interpret" various guidanecs and pay the right auditors enough to have it ignored.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact