> "These inaccurate, unsubstantiated and dated claims don’t reflect our commitment to keeping personal information safe. Amazon has comprehensive, long-established privacy and security policies, procedures and technologies in place.
Every company has Policies. Zero companies have Realities which match their policies. This means nothing.
> We regularly audit our services to ensure compliance and have zero tolerance for employees at all levels who do not follow our policies,"
The only people who trust security auditors are people who haven't been through a security audit. Many companies who've been hacked were audited. This means nothing.
While security audits are woefully behind the times, they’re not nothing. They do make companies take security seriously, to an extent. The problem with security is that it’s often not enough, you just need one weak spot to break through.
> Every company has Policies. Zero companies have Realities which match their policies. This means nothing.
Throughout the years I've grown a dislike of company policies.
They feel like a tool designed to discard accountability down the totem pole.
An executive asks an underling to write a policy, he publishes the report with or without a revision or care, and from thereon any and all responsibility regarding a problem is automatically circumscribed to the poor entry-level bastard who was forced to something remotely related to the policy.
Every company has Policies. Zero companies have Realities which match their policies. This means nothing.
> We regularly audit our services to ensure compliance and have zero tolerance for employees at all levels who do not follow our policies,"
The only people who trust security auditors are people who haven't been through a security audit. Many companies who've been hacked were audited. This means nothing.
reply