being contrary
Of course Equifax had thousands of unpatched vulnerabilities. I defy any company that size to run a competent vulnerability scan and not get hundreds of thousands of the fuckers. Patching software take time, costs money, incurs risks. Not patching software also incurs risks.
Security isn't simple and securing data at that scale is bloody difficult. I mean, complaining that the struts admin wasn't on the security mail list? So fucking what? If they had been they'd have auto-deleted all of the emails anyway because they'd also need to be on 48 other mail lists and they can't reasonably read, absorb and respond to that volume of email.
It's very easy to make accusatory statements following a breach like this but ignorant fools proposing legislation without understanding the domain (informed by idiots that only think they understand the domain) can only cause more issues than they resolve.
Which on reflection is jolly nice for all of us outside of America. Nice boost to our IT industries, this.
Biting the hand that feeds IT
