These reports would be useful for any other attacker interested in their infra, it’s obvious why the companies wouldn’t want to release them in this manner.
Yes, most organizations are shy to release reports that make them look incompetent or highlight systemic problems. That's why we have laws that now require disclosure of incidents that may have exposed customer data.
>That's why we have laws that now require disclosure of incidents that may have exposed customer data.
I don't think there's any jurisdiction that requires public disclosure at this level of detail. It's really an extraordinary ask. How many of these reports have you seen?