Why can't we have "blameless post-mortems" in security? #question
To me, however, this does NOT mean that gross incompetence should not be found, blamed and punished. Just that the post-mortem analysis process needs to be run blamelessly (am I off here?)
BTW (and please correct me if I am off here), I trace the origin of the "blameless postmortem" concept to this: landing.google.com/sre/sre-book/c…
.. where they say "For a postmortem to be truly blameless, it must focus on identifying the contributing causes of the incident without indicting any individual or team for bad or inappropriate behavior."