HackerTrans
TopNewTrendsCommentsPastAskShowJobs

craxdevil7

no profile record

Submissions

[untitled]

1 points·by craxdevil7·vor 2 Jahren·0 comments

[untitled]

1 points·by craxdevil7·vor 2 Jahren·0 comments

Terraform State Management using refresh, untaint and rm

medium.com
1 points·by craxdevil7·vor 2 Jahren·0 comments

Query Builder in Golang for Opensearch

medium.com
2 points·by craxdevil7·vor 2 Jahren·0 comments

Google's Quickshare was found vulnerable to RCE

medium.com
2 points·by craxdevil7·vor 2 Jahren·1 comments

DDoS attack on Twitter, when Musk was going to interview Trump

29 points·by craxdevil7·vor 2 Jahren·20 comments

The Cybersecurity Toolbox: More Like a Junk Drawer

medium.com
3 points·by craxdevil7·vor 2 Jahren·0 comments

comments

craxdevil7
·vor 2 Jahren·discuss
If just having a customer is the goal, before being in talks with a customer who really want you to be SOC2 compliant, its definitely a waste of your resources- time and money. I would suggest, when you find such customers, and they really like your product and an audit like SOC2 is what is behaving like a deal breaker, only then go for SOC2
craxdevil7
·vor 2 Jahren·discuss
there are single points of failure that will continue existing in our digital space. Rust is definitely memory safe, the issue here comes to failed process and bad practices. https://medium.com/@confusedcyberwarrior/our-fragile-digital...
craxdevil7
·vor 2 Jahren·discuss
The link you provided for Wikipedia, even that says SOC means System and Organization, and also in brackets it is also known as Service Organization.

Regarding the rest of your comment:

- SOC2 Report: While it is true that SOC2 audits result in a report, it's important to clarify that the SOC2 framework was indeed developed by the American Institute of CPAs (AICPA) and is primarily focused on the security, availability, processing integrity, confidentiality, and privacy of a service organization’s systems. This makes it highly relevant to the security industry, even if it has roots in the financial industry.

- Audit vs. Report: The SOC2 process involves an audit where an external auditor assesses the controls in place. The outcome of this audit is a detailed report that evaluates how well an organization meets the trust service criteria. So, saying "SOC2 is an audit and not a report" is somewhat misleading, as the audit process culminates in the generation of the SOC2 report.

I hope this clarifies any confusion.
craxdevil7
·vor 2 Jahren·discuss
[dead]
craxdevil7
·vor 2 Jahren·discuss
thats true, it is disheartening when security controls are only seen as a checklist to comply with some framework, and not actually implemented. https://medium.com/@confusedcyberwarrior/what-is-soc2-how-to... This gives a false sense of security, which is further bad for cyber space. Crowdstrike incident on other hand shows that how we still have single points of failure on our supposedly secure and safe systems. https://medium.com/@confusedcyberwarrior/when-security-becom...
craxdevil7
·vor 2 Jahren·discuss
SOC2 is not a certification, it is a report. Here's soc2 explained in simple terms: https://medium.com/@confusedcyberwarrior/what-is-soc2-how-to...
craxdevil7
·vor 2 Jahren·discuss
true, got some insights why this happened https://medium.com/@confusedcyberwarrior/when-security-becom..., but how they didn't had an update process like testing or QA?
craxdevil7
·vor 2 Jahren·discuss
https://medium.com/@confusedcyberwarrior/when-security-becom...