Teaching to the Test. Why It Security Audits Aren’t Making Stuff Safer - Bullshit Work in enterprise security. // Plus, why not start with basics before going advanced: ‘The world would be better off if organizations stopped wasting so much time and money on these vendor solutions and instead stuck to much more basic solutions. Perhaps if we could just start with “have we patched all the critical CVEs in our organization” and “did we remove the shared username and password from the cloud database with millions of call records”, then perhaps AFTER all the actual work is done we can have some fun and inject dangerous software into the most critical parts of our employees devices.'