> It’s sad that it’s come to this point but the end result may be better for everyone.
You make a lot of good points, but I am afraid that when such organizations start caring, the cure will be worse than the disease. Some of this already leads to either draconian security policies (that make development hard but do not improve ransomware security by much) or passing the risk on to someone else, for example by buying a security policy (which increases costs, but seldom improves security). Similar to most restrictions introduced "because pornography" or "because terrorism", those are likely to be mostly a drag on society.
We might eventually get to better security practices: general policies that are easy to implement and not onerous to comply with and flexible exceptions, where the damage is small and relaxing a policy leads to other improvements, but this state seems very far away. My 2c.