[whoknew1122]

Disclosure: Work for AWS in a non-related capacity.

I understand the desire (and need) to post a postmortem as a part of responsible disclosure (which the authors of the article did). But I wish that these sorts of write ups made it clear that the security issue was fixed in the headline.

Just saying 'We reported something' creates a lot of FUD as end users of a service read the headline and lose their shit thinking that their infrastructure is still impacted. Even though this issue has already been fixed.

[scrum-treats]

I wish Amazon AWS would make use of CVEs. This way we users can all see and track security vulnerabilities in real-time, in a central and organized place, instead of relying on individual word of mouth.

[tptacek]

It's not a principle on HN that titles should tell the whole story, such that people can get the entire gist just by skimming the titles.