undefined | Better HN

0 pointssandworm1019y ago0 comments

Well, without ndas make it hard to find actual reports, but take ashley-madison. Millions of users, talk of a billion-dollar ipo, and the post-hack report by the canadian and austrailian privacy ministers found they had no formal security plan.

0 comments

bogomipz9y ago

So you can't actually substantiate your claim that "virtually none implement proper security".

I am not sure why you think that mentioning a second incident makes your statement true for the majority of tech companies.

digler9999y ago

so according to your logic, one massive hack means all sites are insecure ?

sandworm101OP9y ago

No.. working as a compliance attorney, along with all the industry contacts that entails, allong with a steady stream of reports such as the OP (also target et al) gives me grounds to say that proper security is not an industry norm, that the opposite is more likely.

In doubt? Ask around for how many organizations have a dedicated ciso or privacy officer.

bogomipz9y ago

And Yahoo the company we are discussing has a full time CISO, now at Facebook:

http://www.businessinsider.com/alex-stamos-leaves-yahoo-to-b...

As does Google: http://www.csoonline.com/article/2928798/security-leadership...

As does Twitter: https://www.linkedin.com/in/mcoates

as does Uber: https://newsroom.uber.com/joe-sullivan-joining-uber-as-first...

As does Apple: http://www.reuters.com/article/apple-encryption-executive-id...

As does Amazon: https://www.rsaconference.com/speakers/stephen_schmidt

So I would say its pretty common. Just because its not common at the Ashley Madisons and Targets doesn't mean its uncommon elsewhere.

1 more reply

j / k navigate · click thread line to collapse

0 comments

bogomipz9y ago

So you can't actually substantiate your claim that "virtually none implement proper security".

I am not sure why you think that mentioning a second incident makes your statement true for the majority of tech companies.

digler9999y ago

so according to your logic, one massive hack means all sites are insecure ?

sandworm101OP9y ago

In doubt? Ask around for how many organizations have a dedicated ciso or privacy officer.

bogomipz9y ago

And Yahoo the company we are discussing has a full time CISO, now at Facebook:

http://www.businessinsider.com/alex-stamos-leaves-yahoo-to-b...

As does Google: http://www.csoonline.com/article/2928798/security-leadership...

As does Twitter: https://www.linkedin.com/in/mcoates

as does Uber: https://newsroom.uber.com/joe-sullivan-joining-uber-as-first...

As does Apple: http://www.reuters.com/article/apple-encryption-executive-id...

As does Amazon: https://www.rsaconference.com/speakers/stephen_schmidt

So I would say its pretty common. Just because its not common at the Ashley Madisons and Targets doesn't mean its uncommon elsewhere.

1 more reply

j / k navigate · click thread line to collapse