
SOC2 is behind a lot of that. Companies need to be compliant to sell into enterprises. They don’t want to go through the compliance process for each individual team, so they try to standardise. Lots of locally optimised teams don’t necessarily make an effective and efficient system.


> SOC2 is behind a lot of that.

Which might actually be a good thing in disguise.

Lots of companies do random things that just look good from the outside. I've been to places where code review wasn't a thing until SOC2 forced their hand and even then it wasn't well enforced.


Yes, I agree. SOC2 is the closest we have to a “professional standard” in engineering right now, and it’s forcing a lot of changes.



