Wendy NatherRE: https://infosec.exchange/@haroonmeer/116302199884409478
Focusing not on what will work, but what will sell.
evacide@wendynather I think that this is at least partly because there appear to be very few consequences for making and selling products that don't work. By the time the implementation is done and people notice it doesn't work, the person who signed the contract has moved on.
@evacide Also, it’s very hard to define unequivocally what “work” means. “You must have configured it / prompted it wrong.”
Michael Weiss@wendynather @evacide very few customers put terms in the contract about the product working as promised in the marketing materials. It's one of the things I press on in TPRM. Not that I'm always listened to, but there's only so much I can do.
In the end I tell them it's their decision to make, but they won't be able to claim ignorance later. 🤷