> Their inability to route that information to the right person should not be a valid defense or else incompetence becomes a business advantage.
I don't mean to sound trite but hasn't it pretty much been proven to be already?
Look at things like the Equifax situation. A competent team performing security reviews and fixing and maintaining things would cost money. Repeat for N data breaches. And that's just software security -- it doesn't consider even more serious cases like those of infrastructure failures (bridge collapses, levee failures, dams breaking etc.) that have more important consequences.
I agree with what I believe was the main point you were making which is that SEGA should not be excused here. I just think businesses have come to view competence as being expensive and so it's optional, and that this seems to be somewhat okay with people until it directly affects them.
I don't mean to sound trite but hasn't it pretty much been proven to be already?
Look at things like the Equifax situation. A competent team performing security reviews and fixing and maintaining things would cost money. Repeat for N data breaches. And that's just software security -- it doesn't consider even more serious cases like those of infrastructure failures (bridge collapses, levee failures, dams breaking etc.) that have more important consequences.
I agree with what I believe was the main point you were making which is that SEGA should not be excused here. I just think businesses have come to view competence as being expensive and so it's optional, and that this seems to be somewhat okay with people until it directly affects them.