If you are doing vendor security assessments for your employer, it is your job to assess the risk associated with vendors so that your leadership can make decisions.

It is not your place to bully the vendor.

Thank you for coming to my TED Talk.

@accidentalciso it is then the business's job to flatly ignore your recommendations and use the vendor anyway, despite that you found all the data from your account exposed on an open S3 bucket, told them, and they downplayed it as not a problem