undefined | Better HN

0 pointswslack4y ago0 comments

It's still a breach if an org misconfigures an API, allowing more records to be available than was indended.

0 comments

Mens rea is honestly a mistake.

I don't care what the org "intended" to do. The org assumed the responsibility of providing an API and with it the responsibility of securing private data. They failed and should be held culpable.

Boeing doesn't call it a "cyberattack" when their altitude control systems fail because of poor design.

j / k navigate · click thread line to collapse

0 pointswslack4y ago0 comments

It's still a breach if an org misconfigures an API, allowing more records to be available than was indended.

0 comments

uoaei4y ago

Mens rea is honestly a mistake.

I don't care what the org "intended" to do. The org assumed the responsibility of providing an API and with it the responsibility of securing private data. They failed and should be held culpable.

Boeing doesn't call it a "cyberattack" when their altitude control systems fail because of poor design.

j / k navigate · click thread line to collapse