From the early days of commercial computing, security has been an integral part of the software. But compliance is a recent development and has gained significant ground in the past two decades. Given the alphabet soup of compliance standards and frameworks, it is tempting to believe that being more compliant is being more secure; and conversely, a system that is not compliant is not secure.