These reports would be useful for any other attacker interested in their infra, it’s obvious why the companies wouldn’t want to release them in this manner.
replyIf they can't provide it to us for national security purposes, certainly they could to the appropriate congressional subcommittee
replyYes, most organizations are shy to release reports that make them look incompetent or highlight systemic problems. That's why we have laws that now require disclosure of incidents that may have exposed customer data.
reply>That's why we have laws that now require disclosure of incidents that may have exposed customer data.
replyI don't think there's any jurisdiction that requires public disclosure at this level of detail. It's really an extraordinary ask. How many of these reports have you seen?