Microsoft called out for “blatantly negligent” cybersecurity practices - eviltoast

There’s been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale

  • stevedidwhat_infosec@infosec.pub
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    3
    ·
    1 year ago

    It the job of responsible company (especially one Microsoft’s size) to know that and plan for it accordingly.

    Risk management is hard baked into the infosec responsibility set, size isn’t an excuse

    • Phlogiston@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Did you say, “Size doesn’t matter”?

      (FYI - in hear this excuse all the time at a large company. Somehow our complexity and scale is always an excuse people reach toward. And, as you say, our job from infosec is to shut that whining down.

    • sebinspace@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      It can be if you don’t have the staff. If humans are the most vulnerable part of the system, you can’t stretch them too thin and expect them to be as effective in their role.

      • stevedidwhat_infosec@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        That’s part of another issue which should’ve been handled prior to getting too big.

        Manageability is #1 when considering your growth, can’t imagine Microsoft chose to keep a “small staff” out of necessity.

        Perhaps fucking private Sting concerts for higher ups should be scrapped in favor of the employees they fired days prior to attending