These reports would be useful for any other attacker interested in their infra, it’s obvious why the companies wouldn’t want to release them in this manner.

▲

ok123456 4 hours ago | parent | next [-]

Yes, most organizations are shy to release reports that make them look incompetent or highlight systemic problems. That's why we have laws that now require disclosure of incidents that may have exposed customer data.

	▲	JasonADrury 4 hours ago \| parent [-]
		>That's why we have laws that now require disclosure of incidents that may have exposed customer data. I don't think there's any jurisdiction that requires public disclosure at this level of detail. It's really an extraordinary ask. How many of these reports have you seen?

▲

thinkthatover 6 hours ago | parent | prev [-]

If they can't provide it to us for national security purposes, certainly they could to the appropriate congressional subcommittee