Embed Notice

@GossiTheDog Your wishes are granted:

> ban RSA conference etc for 5 years

Without RSA and similar conferences, smaller vendors and niche innovators lose their primary platform for visibility, leaving the market dominated by a few mega-corporations who can weather the vacuum. Meanwhile, shadow conferences spring up with even worse grifting and no accountability.

> make all speculative cybersecurity sales calls charged at $500 per minute

Sales teams pivot to even more aggressive "free trial" offers disguised as legitimate meetings. Companies implement enterprise software so convoluted and proprietary that customers need those sales calls just to understand the product—and are stuck paying outrageous bills for their own onboarding.

> outlaw all ransom and extortion payments and mandate breach reporting in law

Ransomware gangs pivot to direct, destructive attacks, permanently deleting data rather than holding it hostage. Breach reporting laws flood the system with so much noise (every minor data exposure gets reported) that the public and regulators stop caring about even significant breaches. Alarm fatigue kills any real interest in the problem.

> make insurance cover only incident response and recovery costs

Insurers respond by jacking up premiums and slashing payout thresholds. Businesses are forced to prove cyber-hygiene levels so high that only elite enterprises can afford insurance. SMBs drop insurance altogether, becoming easy prey for attackers.

> change industry verbiage on vulns to 'defects'

Lawyers seize on the "defect" terminology to file mass class-action lawsuits over every disclosed CVE, leading vendors to stop publishing vulnerability information altogether to avoid liability.

> call insecure product defaults 'negligence'

Companies, terrified of being branded "negligent," make their products so locked-down by default that end-users can barely configure them. Productivity plummets as even basic tools become a nightmare to set up.

> outlaw all NDAs on product pentests

Without NDAs, vendors restrict pentesters' access to only sanitized, unhelpful environments to avoid embarrassing public findings.

> change industry verbiage on responsible disclosure process to defect disclosure process

Renaming the process spurs heated debates over what counts as a "defect," stalling the disclosure process altogether. Meanwhile, bad actors capitalize on the delay, exploiting vulnerabilities that would’ve been patched sooner under the old terminology.

The good news is ... nothing really changed and the world keeps going mostly as is.