One additional example I know of, which I do not have personal experience with but know that a lot of people do have experience with, is compliance with PCI DSS (for credit card processing). Which does deal with safety in an adversarial setting where the threat model isn’t super clear.
(my interactions with it look like “yeah that looks like a lot and we can outsource the risky bits to another company to deal with? great!”)
This seems great!
One additional example I know of, which I do not have personal experience with but know that a lot of people do have experience with, is compliance with PCI DSS (for credit card processing). Which does deal with safety in an adversarial setting where the threat model isn’t super clear.
(my interactions with it look like “yeah that looks like a lot and we can outsource the risky bits to another company to deal with? great!”)