[mike_d]

Yes, used to. 15 years ago trying to publish research on critical infrastructure vulnerabilities would get you a visit from the FBI (ask me how I know). Now you get invited to DC to present it in person and your remediation suggestions are taken seriously.

[chaps]

...that still doesn't mean they've stopped as a practice, on the whole, or through other intimidation methods. Hell, I'd argue that its current and subtle manifestation is more harmful on-the-whole than it used to be. Like, sure, the DHS voluntarily releases information, but that's discretionary and at their will. Eg, I sued the Chicago for database columns and table names after they argued it would be a security risk -- DHS gives that info about their own systems voluntarily. And that's even with case law from an ICE lawsuit that says schemas are exempt.

[electric_mayhem]

Ok, mike_d, but how do you know?

[sam_lowry_]

Second that!