Hacker News

threecheese yesterday at 11:50 PM

I’d think any company big enough or working in certain markets which has a Compliance Officer cares about this; regulations are a legitimate business risk, and software integration contracts have security control compliance requirements which very much impact the SDLC.

Would you have the same reaction to requiring an approval for a production deployment? That’s driving the development process.

—-

Also jfc I need to cool it with the buzzwords, sorry I just got home from “talk like this all day” $job


Replies

tptacek today at 12:53 AM

SOC2 is generally regarded as a joke and has in fact almost nothing to do with software resilience even on its own terms.