In my experience, these forecasts are really good 5-7 days out, and then degrade in reliability (as you would expect from predictions of chaotic systems). The apps that show you a rain cloud and a percentage number are always terrible in my experience for some reason, even if the origin of the data is the same. I'm not sure why that might be.
I agree that regulatory compliance and industries around that can often be theater, and it creates regulatory barriers that inhibit startups and competition generally, but there must be some method of oversight to ensure that people can trust a system or company without needing to see the internals. For example, we trust our food is healthy because the firm that made it is authorized to do so by the FDA as they comply with the rules established by those regulators. Obviously there are flaws, loopholes, etc., and obviously software is different than health, but to an extent we want some guarantees from an externally trusted actor. What is needed in the current SOC2 world that might solve some of the issues you outlined without getting rid of it, or the idea of it, entirely?
>What is needed in the current SOC2 world that might solve some of the issues you outlined without getting rid of it, or the idea of it, entirely?
IMO, nothing. It's not redeemable at all. Since you asked though, here are some thoughts:
Be more like the FDA process, where software is extensively reviewed, rollback procedures are established, and you launch a specific version with compliance. So basically two releases, maybe 4 a year.
Disallowing risk mitigation, because IMO that's the result of most of the problems. "Oh yeah, we are doing a terrible security thing, but since fixing it is too expensive, here is a bunch of lies about how we have mitigated it."
There is also the option to make a government audit with criminal liability for falsifying/misleading auditors. This third-party system where auditors are getting paid results in problems. I've seen plenty of audits where bosses write up auditor requests in extremely specific ways that creatively leave out things that should never be approved. I've also seen auditors be made aware of a problem, then people backtrack, and auditors accept it because "They are also our customer and we need repeat business."
I use these and Windy: https://www.windy.com/