[PradeetPatel]

As someone who works in the reputation management sector, fulling legal requirements is crucial in establishing a presence in key markets. However, oversharing of internal information that's not required by legal requirements can lead to unnecessary reputation damage, which would lead to a decrease in value for key stakeholders.

I think many engineers often overlook the business implication of disclosing security issues, as it would impact multiple business units as well as the board's stance on security, resource allocation, and potentially the stock price too.

>A restaurant has no legal requirement to make this food tasty Food is a core deliverable for a restaurant, whereas information on a potential breach is not for a SaaS service unless it is legally required.

[dannyw]

Some people are in tech because they want to build technology ethically and responsibly, not to maximise the stock price at all costs.

GH has no evidence this was not exploited. They just didn't log enough things to know if it was exploited or not.

[pastacacioepepe]

> which would lead to a decrease in value for key stakeholders.

I couldn't care less. I want value as a customer. Any company that prioritizes stockholders to customers doesn't deserve my customer money.