I’m convinced that the cybersecurity and security research industry is largely a pass-the-blame market. And honestly, that's not a bad thing — it's smart and even necessary. If a publicly traded company suffers a security breach, they can say, "We hired [security firm] to harden our systems — if something went wrong, it’s on them." This way, the company deflects blame, protects its reputation, and keeps shareholders satisfied. All-in-all not a bad strat