
Because breaches come from public vulnerabilities, unless you can prove there was no breach, you should treat it as a breach. This is common information security practice.

Google are unable to prove there was no breach because they didn't keep sufficient logs, which is also not acceptable in modern security practice.



> This is common information security practice.

No it isn't.

If every vulnerability in every product turned into a "We've been breached" disclosure the industry would be a disaster.

Yeah, they didn't keep sufficient logs and they fucked up really badly there. Still silly to call it a breach.


The industry is a disaster because companies don't disclose potential breaches.



