Wednesday, January 25th, 2023, 6:30 am
ISO Certificates Are Like NFTs (Worthless Junk)
ISO Certification Did Nothing
Creative Commons Attribution-No Derivative Works 4.0
Summary: The real-world threats faced by private companies or non-profit organisations aren’t covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples
WORKING for a company that publicly and openly boasts 2 ISO certifications means that expectations (or perception) can be compared to reality. At Sirius ‘Open Source’, where I had worked since 2011, I saw all sorts of poor security practices, even in more recent years when ISO certifications were bragged about to existing/potential clients.
There is no point trying to deflect the attention to the accuser. At the moment the company is too broke for workers to sue (and eventually truly win in a monetary sense); it’s also too broke for its clients to sue. Winning in court against an insolvent company would be a Pyrrhic victory. What matters here is the truth. It can hopefully caution others.
We still have quite a bit left to cover. We’re going to cite practical examples of stuff being done to the detriment of privacy and security of staff, not to mention clients. Free software is a pragmatic choice, but when managers use proprietary software they do not ‘get’ that.