at best it's "cover your ass security" so when you do get pwned you can say you went through an "accrediting auditor" - blah blah blah.

Agreed on everything you said. Just wish there was a more efficient way to do things :/

Yep, some stakeholder wants a pen-test or an audit, so you do it and address the findings to keep them happy. Going through it now at work - a bunch of silly findings, because the pen testers know they don't get paid to send back an empty report and tell you everything is fine.