Great response, Jay Rodgers. I appreciated Jonathan Solórzano-Hamilton’s follow-up to your follow-up as well. Super-quick request: Would you mind elaborating on the following paragraph, or referring me to anything that you’ve written about this already? :

I’ve seen flagship projects for large companies that have completely eschewed best-practice security frameworks in favour of developing this in-house because they weren’t aware that you aren’t supposed to do that.

Cheers.