Hello,
If you look at below CCM v4 guidelines, it says application security is shared responsibility for IaaS , PaaS. Application security metrics and secure application design/development is CSC responsibility and how come we can say it is shared responsibility. Max to max CSP can provide hardened infra but CSP can't take application security responsibility as per below screenshot. Can someone from CSA clarify my concerns ?
Regards,
Ankit Sharma
------------------------------
Ankit Sharma
Security Advocate
Cisco Systems
------------------------------