The flipside: I've recently been working with a company that was audited and called out for allowing too many security policy exceptions.
As a result, unless you can satisfy every one of their requirements, regardless of mitigating controls, you cannot get installed. Even if you're a security product whose ultimate use case is discovering in-progress exploits.
I'm not sure if that's an example of the system working or being broken. But overall, Information Security is a complicated problem.
As a result, unless you can satisfy every one of their requirements, regardless of mitigating controls, you cannot get installed. Even if you're a security product whose ultimate use case is discovering in-progress exploits.
I'm not sure if that's an example of the system working or being broken. But overall, Information Security is a complicated problem.