HackerTrans
热门最新趋势评论往期问答秀出招聘

gearnode

no profile record

提交

How to set up PostHog: GDPR, CCPA, and global privacy laws

probo.com
3 分·作者 gearnode·2个月前·0 评论

What Is a Risk in Compliance?

probo.com
1 分·作者 gearnode·2个月前·0 评论

Are you allowed to put that SoC 2 logo on your website?

getprobo.com
2 分·作者 gearnode·2个月前·0 评论

Do you need a SoC 2 report?

getprobo.com
2 分·作者 gearnode·3个月前·1 评论

Stripe Won't Save You from Bad Access Control

getprobo.com
1 分·作者 gearnode·3个月前·0 评论

Potion: Turn your PR review history into Claude Code skills

github.com
3 分·作者 gearnode·4个月前·0 评论

Google Workspace Default Settings Are Insecure

getprobo.com
1 分·作者 gearnode·4个月前·0 评论

An Open Letter to Aicpa and ISO Accreditation Bodies

getprobo.com
3 分·作者 gearnode·4个月前·2 评论

Color-Coded Windows for Git Worktrees on MacOS

github.com
5 分·作者 gearnode·4个月前·0 评论

Lightpanda migrate DOM implementation to Zig

lightpanda.io
199 分·作者 gearnode·6个月前·143 评论

Improper HMAC Signature Verification in auth0/node-jws

github.com
1 分·作者 gearnode·7个月前·0 评论

Mcpgen is a code generator for MCP servers in Go

github.com
2 分·作者 gearnode·7个月前·0 评论

The Silent Leak: How One Line of Go Drained Memory Across Goroutines

medium.com
3 分·作者 gearnode·7个月前·0 评论

Building Effective Agents

simonwillison.net
1 分·作者 gearnode·8个月前·0 评论

Show HN: Granola API Reverse Engineering

github.com
1 分·作者 gearnode·8个月前·0 评论

评论

gearnode
·4个月前·讨论
The division of labor between implementation, documentation, and sign-off isn't the bug. It's the design. Independence between those layers is how you get credible assurance (in theory).

The bug is when nobody actually verifies. The audit firm holds the mandate to look at the full picture. When they sign without doing that, independence becomes a gap. And right now, the bodies supervising those firms aren't enforcing anything when that happens.