The Security and Governance Stack
Incidents where compliance checkboxes replace actual security, until a breach proves the difference.
"The audit passed. The attacker didn't read the audit."
What this stack means
This stack explores the dangerous illusion of safety created by bureaucratic security processes.
Why this stack exists
Because it is easier to measure compliance with a framework than it is to measure actual resilience to an attack.
Common Failure Patterns
- compliance without security
- secret sprawl
- third-party supply chain vulnerability
- over-privileged access
- security as a roadblock
Prevention Checklist
- Integrate security testing into the CI/CD pipeline, not just annual audits.
- Implement least privilege access by default.
- Regularly rotate secrets and audit third-party integrations.
Detection Signals
- Security teams discovering architecture changes months after deployment.
- Developers hoarding admin credentials to bypass slow approval processes.
- Alert fatigue causing critical security warnings to be ignored.
Incidents in The Security and Governance Stack
- Agent Followed Prompt Literally: "The chaos was predictable."
- Retry Policy Tried Too Hard: "The chaos was predictable."
- Architecture Review Became Therapy: "The chaos was predictable."
- Release Train Had No Brakes: "The chaos was predictable."
- The Agent Opened a Pull Request: "The chaos was predictable."
- The Pull Request Opened a Question: "The chaos was predictable."
- The Prompt Was Approved by Procurement: "The chaos was predictable."
- The Governance Board Approved the Risk: "The chaos was predictable."
- The Agent Followed the Prompt Literally: "The core technical takeaway from 'The Agent Followed the Prompt Literally' is that isolated decisions scale poorly."
- The Agent Opened a Pull Request: "The core technical takeaway from 'The Agent Opened a Pull Request' is that isolated decisions scale poorly."
- The Pull Request Opened a Question: "The core technical takeaway from 'The Pull Request Opened a Question' is that isolated decisions scale poorly."
- The Prompt Was Approved by Procurement: "The core technical takeaway from 'The Prompt Was Approved by Procurement' is that isolated decisions scale poorly."
The Security and Governance Stack - Frequently Asked Questions
What is this stack?
Controls that look good on paper but fail in practice.
