Or maybe snake oil is the wrong term. I don’t know if there’s a term for someone who warns others and they never listen, because it seems no matter how much you break into buildings and expose the flaws, hack a bank’s transaction, or infiltrate a database, the company will thank you, pay you a few hundred thousand dollars, then do nothing to change.
Essentially it just seems like I’m helping big companies bypass regulations by rubber stamping their pinky promises to change. I guess internal security auditing might be a little better, but I don’t know
I think it is grift mostly. Big companies get a lower insurance premium if they pay to have it done or whatever. So they do the test. Ignore the results and if anyone ever tries to sue, you have a receipt saying you did your due diligence