
1895 points _l4jh | 1 comments
bogomipz ◴[] No.16729876[source]
>"And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would."

It's worth pointing out that KPMG was Wells Fargo's independent auditor while the bank recently committed fraud on a massive scale by creating more than a million fake deposit accounts and 560,000 credit card applications for customers without their knowledge or approval.[1]

Calling KPMG a "well-respected auditing firm" when they failed to detect over a million fake bank accounts is a joke. See:

https://www.reuters.com/article/wells-fargo-kpmg/lawmakers-q...

[1] https://www.warren.senate.gov/files/documents/2016-10-27_Ltr...

1. lillesvin ◴[] No.16731153[source]
Not that I really want to defend KPMG here, and this is obviously entirely anecdotal, but my team had our application code assessed by them (by request of the customer, so they could get some pointers on what kind of development they needed to focus on). I spent 2 days talking to them, answering questions, showing them data flows, database layouts, system diagrams, etc. They also required access to our source control (making the "let's remove this before the audit" idea pretty useless), issue tracker, etc.

The 2 people that I was in contact with were both competent and experienced. Definitely not "young grads who have never worked in an actual IT/software dev team" as someone claimed elsewhere.