It’s a bullshit headline all the way around. They may have waited like 9 days to patch it, but the exploit had been shown to be on their system (and many other companies) for several months. Essentially, the extra 9 days after the vulnerability was discovered and a patch existed wouldn’t have mattered much for anything. Ship already long since sailed.
Comment on Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price
ghostpony@infosec.pub 1 year ago
[deleted]
ColeSloth@discuss.tchncs.de 1 year ago
virku@lemmy.world 1 year ago
In Europe this would be a hard to explain breach of GDPR. Which could result in some hefty fines. Especially if it is a vulnerability they knew about but chose to wait.
pastermil@sh.itjust.works 1 year ago
Are they in Europe? My guess is no.
kurushimi@lemmyonline.com 1 year ago
Sure, but the point is to bring additional awareness to how consumer-backing laws with actual teeth can bring about positive change, and perhaps to motivate citizens to support similar legislation and legislators who would write it.
plz1@lemmy.world 1 year ago
In the real world, fines are a cost carried to the customer. So even with GDPR, the customer is still the loser in the situation.
wahming@monyet.cc 1 year ago
Not in the EU. Fines can actually hurt here
plz1@lemmy.world 1 year ago
So fines come with a requirement that a company can’t raise prices to recoup them?