Comment by bigfatkitten

Comment by bigfatkitten 21 hours ago

0 replies

View on Hacker News

You would probably have no idea what the requirement actually said or where it ultimately came from.

It would've gone from the insurer to the legal team, to the GRC team, to the enterprise security team, to the IT engineering team, to the IT support team, and then to the user.

Steps #1 to #4 can (and do) introduce their own requirements, or interpret other requirements in novel ways, and you'd be #5 in the chain.