> If you're basing SOC2 compliant requirements on a "used by" signal, then the misdirection is potentially catastrophic.
I'm absolutely not basing it only on that, but it is an early signal. There are likely many options for any specific tool. "Used by" can help me differentiate between the side-project and the meaningful company before I go too far down the rabbit hole.
I'm absolutely not basing it only on that, but it is an early signal. There are likely many options for any specific tool. "Used by" can help me differentiate between the side-project and the meaningful company before I go too far down the rabbit hole.