by hcazz 1547 days ago
>The security professionals today are the second sellers of snake oil

If someone breaks into your house, and stays there for a week, would you say they didn't really break in because they didn't murder you?

>proof-of-breach

Maybe you're referring to a "proof of concept"? A "proof of breach" in the security industry is an incident to be investigated, and if necessary, involve law enforcement. It isn't meddling kids that didn't cause any harm. As a side note, I've never heard anyone use the term "proof of breach" in that context in the industry.

The fact that Okta didn't detect this earlier is concerning in its own right. Let's not downplay the fact that the level of access that third-party providers have is not a solved issue in the industry. The RCA/post-mortem/follow-up actions from Okta's side should not be "they got access but didn't do anything with it, we don't need to change anything".