Hacker News
by rbc 4288 days ago
I think that Home Depot knew, or should have known, the value of protecting their customers' data. They should have also had some idea of their exposure to the threats that are out there.

I think it's pretty basic. Any IT system has a collection of zero-day vulnerabilities. If the company is smart, they will track what these vulnerabilities are and mitigate the vulnerabilities that can be fixed. The vulnerabilities that don't get resolved will eventually meet up with a zero-day exploit. Then there will be a loss.

It would appear that Home Depot didn't mitigate their vulnerabilities, and now they will have to pay.

1 comments

Zero days are by definition vulnerabilities that aren't disclosed and do not have fixes.
Therein lies the problem. Waiting for exploits to be developed before releasing fixes is reactive. More proactive code auditing could reduce the number of zero-day vulnerabilities.
I'm confused about what you're trying to say.