And, in the interest of full disclosure, the only real reason I commented at all: I was following the some of the "advice" at "https://news.ycombinator.com/item?id=12897921" in hopes of being able to gain all of one additional karma, so I can verify this account with Keybase.
Sorry, perhaps I was a bit too pithy in the way I phrased that. I wasn't trying to call into question the certifications, as they were conducted, at the time they were conducted, or implying their scope would change. What I was (perhaps too snarkily) trying to point out is that by unifying—vertically integrating—a previously independent MDM provider with the company that provides the MDM platform, that the promise "we are committed to operating our business in compliance with these standards every year going forward" is highly questionable at this point, unless Apple is committed to maintaining Fleetsmith's independence. Perhaps I should loosen my point even further by asking: how many more papers like https://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Dee... should we expect Mr. Endahl to be releasing in the future?
Ok. So what exactly happens to Fleetsmith's coveted ISO 27001 and SOC 2 certifications? Barely four months ago Jesse Endahl promised: [0]
"Achieving compliance with the SOC 2 and ISO 27001 standards means that we are committed not just this year or the next — we are committed to operating our business in compliance with these standards every year going forward. Our auditors will request evidence to prove that we’ve continued to follow the policies, processes, and technical controls we’ve put in place on an annual basis. We look forward to demonstrating, year after year, that we’re worthy of your trust.
To get access to our SOC 2 report and ISO 27001 certificate, get in touch at [email protected]."
Apple has an ISO 27001 certification for Apple Business Manager, but I don't exactly see them being so hot on an independent CPA auditing their accounting practices for an AICPA certifications.
Personally, I think Fleetsmith being under Apple's control (a full service MDM solution provided solely by Apple), renders these certifications meaningless.
But hey, do you think if I email [email protected], they'll be happy send me Apple's ISO 270XX certifications now?
As near as I can tell, only if it's a default install.
In my `brew config` it always defaults to:
...
Homebrew Ruby: 2.3.7 => /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/bin/ruby