Hacker News
by jariel 2012 days ago
Yes - but the alternative argument could be made that a million small organizations have no ability to stay on top of every little best practice, update, software, no dedicated security/zero day team, no ability to do investigations/in-depth analysis - i.e. easily compromised.

Apparently big companies also can't vet or properly compartmentalize third-party software either.

It's an untenable problem for organizations of any size. There aren't enough man hours to reverse engineer and vet all the third-party software that any sized organization uses. There's no community will to force vendors to do better either.

We need something like an Underwriters Labs for software. It probably will take the insurance industry coming down hard for things to change.

"Apparently big companies also can't vet or properly compartmentalize third-party software either."

Amazon, G and MS generally do.

I believe that whatever data you have, it's more secure on AWS than anywhere but your hard drive not connected to the internet.