Reassuring Words and Good Intentions Don't Mean Good Security
How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. For example, nearly 5 years ago now I wrote about how "we take security seriously" was a ridiculous statement to make immediately after a data breach. It seems that not much has changed since then:

“At Comodo we take security very seriously and it is our highest priority.” A classic opening to an all too familiar announcement. Not a good day for any #CyberSecurity company. @comododesktop @troyhunt #InfoSec #DataBreach pic.twitter.com/JxGzS9evtT
— Nigel Cox (@Harlekwin_UK) October 2, 2019

“We take security...