by im_cynical 2743 days ago
> I'm a little disappointed in the final "conclusion" of the report, though. The end of the executive summary basically chalks the breach up to two things: "Equifax's IT management structure was complicated" and "Equifax uses legacy software that is hard to secure". These are valid points, but these are also issues that nearly every single major corporation in the world faces, and yet many of them still manage to prevent (or at least mitigate) major breaches. These aren't good enough reasons to explain why Equifax failed so spectacularly compared to every other bureaucratic company with legacy software.

Sure, lots of companies can manage legacy software; arguably, though, Equifax's target on their head is substantially larger than most companies'. They are the holy grail of personal data. Nothing should be legacy with them.

2 comments

Legacy systems are a red herring. It's just a way to shift blame to predecessors.
Everyone has legacy software. NASA has legacy software. But legacy isn’t an excuse to leave it unsecured or unmanaged.
Maybe that's how V'Ger was created. The Voyager software was clearly not kept up to date with the vendor's critical updates. When the satellite was found, the alien hackers laughed at how out of date it was, and how an old 0-day could still be used. The hardest part was to decide to make it into a bot in a botnet used for intergalactic DDoS attacks.