Security is fundamentally a lemon market - something @haroonmeer & I have also lamented ad nauseum:
https://twitter.com/mmurray/status/1488874956263993345
It’s how crap like this get passed off uncritically by press & analysts - e.g. tromboning users’ traffic through data centers running “custom TCP/IP stacks” for middlebox interception is 100% network security, despite marketing claims to something shinier: venturebeat.com/2022/01/31/zsc…
We used to publicly break things for fun and shared benefit as a community; these days, attackers & security vendors may equally profit from defenders’ ignorance. Perverse incentives abound in security, per @dotMudge: #sadtrombone 
e.g. I was dumbfounded when a public vendor we had @certcc coordinate disclosure with claimed they weren’t vulnerable because they’d immediately patched, and were listed as not affected, despite our working exploit. Zero Trust indeed.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
