Heartbleed affected ~500k websites and countless other services, if the litmus test is “exposed“ then that’s a lot of breach notifications. And depending on required timelines, could force disclosure of embargoed vuln details, which endangers users rather than protect them.
When you give an organization your data, and then it gets exposed or stolen, you probably want to know about it. Seems simple enough. But a seemingly endless parade of massive data exposures reveal just how complicated that practice of disclosure can be. wired.trib.al/xmHWgk1
Oct 13, 2018 · 3:39 PM UTC