undefined | Better HN

0 pointsmarcus0x621y ago0 comments

Google isn’t buying Wiz for “security expertise”, they’re buying Wiz for a security product, in a growth area, that customers absolutely love. You’ve provided no evidence for the conspiracy theory that google is buying Wiz to siphon up a bunch of data, and if you’re going to link to Wiz, maybe link to their public list of security certifications, many of which prohibit the type of data harvesting you are suggesting.

https://trust.wiz.io/

0 comments

tasuki1y ago

"Trust" screams insecurity. Security is in the direction of trustless rather than requiring trust. Do you trust companies which say front and center "you can trust us"?

Wiz is a "security product"? Security isn't something you can buy and bolt on to your systems as an afterthought. It doesn't work like that!

marcus0x62OP1y ago

I’m honestly not sure what your point, if any, is.

zifpanachr231y ago

That the security software industry is kind of full of shit sometimes is I think what they were getting at.

2 more replies

megous1y ago

I trust open source code I can see and compile and control. :)

How is "trusting wiz" (trusting some icons on website controlled by wiz leading to publicly inaccessible reports, half of which are done by a single company somewhere in Florida) related to what Google might do with it after aquisition?

marcus0x62OP1y ago

That’s great. For you. Most businesses don’t have the ability or desire to build every single security tool they use in-house or use open source for everything. So they buy commercial tools. Which are audited by third parties to give the companies that use the commercial tools some idea of how their data will be used.

If google wants to maintain those audit findings, which they’ll need to do to keep most of their customers, that’s going to limit the kind of data collection they can do. Unless, of course, you want to propose a new conspiracy theory (which I guess would be par for the course in this thread) that Google is going to lie to their auditors to get at that sweet, sweet data (most of which they already have for their GCP customers and don’t need to buy Wiz to obtain.)

megous1y ago

Google has GCP customer data, but Wiz tool aparently works not just for GCP, so there's a lot of competitor cloud data to be had from aquiring it.

j / k navigate · click thread line to collapse

0 pointsmarcus0x621y ago0 comments

https://trust.wiz.io/

0 comments

tasuki1y ago

"Trust" screams insecurity. Security is in the direction of trustless rather than requiring trust. Do you trust companies which say front and center "you can trust us"?

Wiz is a "security product"? Security isn't something you can buy and bolt on to your systems as an afterthought. It doesn't work like that!

marcus0x62OP1y ago

I’m honestly not sure what your point, if any, is.

zifpanachr231y ago

That the security software industry is kind of full of shit sometimes is I think what they were getting at.

2 more replies

megous1y ago

I trust open source code I can see and compile and control. :)

marcus0x62OP1y ago

megous1y ago

Google has GCP customer data, but Wiz tool aparently works not just for GCP, so there's a lot of competitor cloud data to be had from aquiring it.

j / k navigate · click thread line to collapse