Comments: Audit: when the Economist finally opens up the debate on the silent fraud of the century

Auditors have ALWAYS been crooks - and not only in finance.

The best proof is that they are mandatory under the law.

When people ask for money to "audit" source code, they actually resell your code to third parties (including your competitors) and, at best, charge a premium for merely running a batch of automated tests on it.

Most often, they don't go as far as checking the code and just ASK YOU -the party being audited- to "DECLARE IN GOOD FAITH" that the "regulatory constraints" have been met (using NIST-approved algorithms).

Then, after months of pointless requests, groundless delays and royal fees, you MAY finally get their "approval" and be "certified", that is "trusted".

The result of this gold-plated auditing industry?

- financial crisis (groundless triple-A ratings)
- ubiquitous vulnerabilities in the critical infrastructure

In one word, that's cronyism.

Posted by Plato at March 2, 2015 12:15 PM

Dear Plato,

Nice story - have you got any evidence or references to reselling of source code? This is such a titillating breach of faith that we would love to tell more.

I can fully understand the schlock "automated audit" stuff that the various certifications people get into... To a large extent it is a competitive industry and the product is meaningless to people, so the pressure is on to reduce costs, to preserve margins, and spend on marketing. We call this 'the race to the bottom'.

Unfortunately the people who demand the audit are not really aware of the pain, and don't pay the cost. So don't expect any change soon.

Posted by Iang at March 3, 2015 09:48 AM