Simon Willison’s Weblog

Subscribe

Thursday, 7th July 2022

SOC2 is about the security of the company, not the company’s products. A SOC2 audit would tell you something about whether the customer support team could pop a shell on production machines; it wouldn’t tell you anything about whether an attacker could pop a shell with a SQL Injection vulnerability.

Thomas Ptacek

# 8:31 pm / security, thomas-ptacek, fly

2022 » July

MTWTFSS
    123
45678910
11121314151617
18192021222324
25262728293031