Hi, yes, welcome to Mozilla Burger.

Hi, yes, welcome to Mozilla Burger. It's true our burgers come with asbestos but the good news is you can pick it off yourself. Look how easy that is. No we can't make a burger without it and let you add it yourself later. Why would we do that?

@campuscodi "New" might be a bit of a stretch.

https://blog.talosintelligence.com/uat-8616-sd-wan/

After the discovery of active exploitation of the 0-day in the wild, we were able to find evidence that the malicious activity went back at least three years (2023).

@catsalad @Sempf Exactly. Operations like that don't just happen.

But no, that's probably the third or fourth time I've posted that one in the past week. I liked how it turned out so I keep using it wherever I can.

@catsalad I am become death. Destroyer of moons.

@catsalad Catte in space?!

@PogoWasRight @cloudsek @amvinfe @campuscodi @euroinfosec @lawrenceabrams

@SecurityWriter moar plz 👉 👈 🥺

@phooky I shall resist the crabs as well. 🪒

@da_667 Rumor has it Microsoft is a bunch of people playing chicken like the yodeler in Price is Right and just want to pump and bail right before the crash. Everything they do these days supports that rumor so...

@GossiTheDog If only a significant number of security practitioners could have seen it coming and warned people.

@boblord @hotsoup Thanks but I'm not in a position to make change through political or industrial ways. But some people are.

@hotsoup @boblord Exactly. So much in tech says it's engineering but it's not. Engineering requires an understanding of how things work. But tech is about how to make money the fastest.

@boblord @hotsoup Fines. Look at the auto industry. Transmissions fail to park, gas tanks explode, Lancias rust like a trans girl's GitHub history, you get the idea. But they were fined. Publicly traded corporations only care about the feelings of their investors. Kick them in those plums and they'll start trying to improve instead of finding cheap ways to hide their cheap failures.

@boblord I believe you want to improve things, I really do. But I think in order to get there, computer science needs to be engineering-focused rather than business-focused. And it's not. Especially in academia.

@boblord First and foremost, they hold manufacturers responsible for poor engineering. In tech it's just "LOL patch if you can." Without that, respectfully, the comparison is not valid.

@brahms @ckure @boblord It's a fair point but I dislike it specifically because if the arguing about it. Full disclosure means people are either patching / mitigating or they're whining.

@meatzie @ckure @boblord If they don't get rejected by the CNA. I'll try to remember to search through the rejected ones. I bet there are 50+ from Fortinet alone in 2025.

@ckure @boblord Yep. And which one is in the vendors' best interests, especially with such a corpo friendly US regime? I am completely back in the full disclosure train. It's the most effective and efficient way to protect critical infrastructure.

@winterknight1337 Now it's getting interesting.

RE: https://infosec.exchange/@boblord/116075393614821884

Hot take (?): No company should be the CNA for their own products.