And? Thats not because "AWS" was like "OMG so smart", AWS is already well aware of this issue but lays the blame on "Shared Responsibility" and are likely annoyed that Salesforce, a partner of AWS< released this without communication.
Honestly, my guess is there was a lapse in Salesforce somewhere, where either legal or PR didn't check this because this likely goes against Salesforce and AWS NDA for their partnership. I worked as an AWS partner before, there are requirements that go into place before you can release stuff like this to the public. Plus, having worked with Salesforce as well, I assume they have a PR policy to not use the word "hacking" in tool names or description, especially in regards to partners. My company has similar rules for OSS stuff.
This was more of a bad PR / Legal issue. AWS is well aware that people misconfigure permissions...
And again... better tools and more popular tools already existed... This is not new
Honestly, my guess is there was a lapse in Salesforce somewhere, where either legal or PR didn't check this because this likely goes against Salesforce and AWS NDA for their partnership. I worked as an AWS partner before, there are requirements that go into place before you can release stuff like this to the public. Plus, having worked with Salesforce as well, I assume they have a PR policy to not use the word "hacking" in tool names or description, especially in regards to partners. My company has similar rules for OSS stuff.
This was more of a bad PR / Legal issue. AWS is well aware that people misconfigure permissions...
And again... better tools and more popular tools already existed... This is not new
https://rhinosecuritylabs.com/aws/pacu-open-source-aws-explo...