[kleiba2]

If you had a company, why not just tell all customers that their data is save but don't waste any money on security at all: in case of a breach, just write an apology email to your clients, promise a full investigation, and move on.

Obviously, you don't have to face any legal consequences, so why worry?

Sorry for the rant... but I just find this lack of liability frustrating.

[popcorncowboy]

I like this. I'm genuinely curious whether you could create a Delve [0] for security. Companies could pay for the "security review and package and dashboard" virtue signal, put an impressively secure looking logo on their site and effectively whitewash needing to do anything else. I suspect a sufficiently expensive law firm could draft the requisite legals to shield the principals SecCo from the eventual unveiling, but not before SecCo could make hundreds of millions and the rest of the industry could save hundreds of millions on their shit-as-fuck security practices anyway. Call the spade a spade.

0 - https://techcrunch.com/2026/03/22/delve-accused-of-misleadin...