| ▲ | brian_kuan 4 hours ago | |
Because they live in infrastructure the vendor itself controls - there's some conflict of interest there. Things like retention, rotation, deletion, what gets included/excluded, etc are all decisions the vendor makes. Same reason why compliance requires audits! The hash chain doesn't make the log unwritable, it makes any edit detectable. | ||