> You can't jump in and "evaluate" without knowing context and being familiar with the features.
Yes you can, it's called an audit and there is nothing wrong with that. The company you work for should have regular security audits for instance, ideally done by a third party rather than internally to eliminate bias. This isn't a "code review".
Yes you can, it's called an audit and there is nothing wrong with that. The company you work for should have regular security audits for instance, ideally done by a third party rather than internally to eliminate bias. This isn't a "code review".