Discussion about this post

Aram H

Excellent content explaining in-depth the realities of the whole issue around audit vs real security mindset. OWASP compliance isn't a thing though despite companies out there still trying to claim that.

Thanos Vrachnos

What an amazing approach! Been questioning myself many, many times. A challenging question though is which mindset to choose when compliance with a standard is not just a requirement or nice to have but an absolute business enabler. In other words, if you are not compliant with standard X, you cannot sell to anyone. Is a balance achievable in that case, especially when the standard is old-fashioned?
