Some of you will remember the 1970s film Marathon Man, which starred Dustin Hoffman. In its most famous scene he is asked over and over, ‘is it safe?’ Not having a clue what his interrogators are after, he gives answers that range from exclaiming that he doesn’t know what they are talking about to a series of positive and negative confirmations. All along he is being tortured through dentistry. If you are involved in information security, privacy and/or compliance, you will no doubt have been involved in evaluating the security, privacy and compliance of software. This is sometimes called a risk assessment and/or privacy impact assessment, and hopefully it takes a risk-based perspective in the context of the ask. It is the merry dance of trying to discover whether the software is secure from a whole host of angles, whilst the requestor waits, agitated, in the wings, proclaiming that ‘big company acme already uses this, surely it is fine…’. A kind of torture where the people you are asking the questio...