Rich Kulawiec on 6 Apr 2018 03:14:56 -0700
Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
On Tue, Apr 03, 2018 at 04:07:11PM -0400, Keith C. Perry wrote:
> That's a big deal... this guy did the right thing, kept it quiet- just
> fix it. These folks still did nothing until it went public. They're going
> to need to start penalizing organizations if they can't demonstrate they
> took corrective action.

That's not going to happen. It *should* happen, but it won't. Instead,
this is what's going to happen:

    Georgia criminalizes routine security research
    https://boingboing.net/2018/03/30/bruce-thompson-404-656-0065.html

and this is why I never report issues to vendors/operations privately (they
will ignore the reports) and why I never report them in my own name (they
will try to shoot the messenger). Instead, I publish them anonymously
with no advance notice, because experience has shown that's the best way
to get them to pay immediate attention and to avoid being blamed for
their mistakes.

Wish it didn't have to be that way, but that's where we've arrived.

---rsk

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug