procurement, management, finance, and others you need to appeal to
They don't need to appeal to any of these suits. Just the technical decision-makers, whose express job it is to choose solutions on their technical merits, not their spurious emotional reactions.
My point was that the job of a technology decision-maker is to make decisions on the actual technical merits of various options, the costs and tradeoffs thereof.
If you are in that role, and you permit the name of a vendor to trump the actual merits of the vendor's product, you should never have been trusted with decision-making authority in the first place, and any competitors who don't harbor your particular emotional hangups will get the better of you, and you won't be long for your position anyway.
Cockroach Labs is not selling to the end-consumer. They're selling to people whose job it is to behave like Vulcans. In this particular market, it doesn't matter what the name is.
If you make technology stack decisions based on your feelings rather than what the product actually does, then you shouldn't be employed as a decision-maker.
Why exactly is HackerOne drawing a distinction with this software producer?
The truth is: because a H1 rep went on Risky Business and did not deliver a very good performance.
Patrick, who is absolutely okay with H1 having FiveEye clients like the US DoD, has a very serious problem with them also servicing an obscure spyware application provider. Because, I suppose, being murder-droned by a panopticon hegemony is much better than getting yelled at by an angry spouse?
Don't worry; now that Trump has turned out to be just another shill for Globalism, Facebook will have no problem with him or anybody who continues to support him.
As larger proportions of the infosec community get hired or contracted by law enforcement, intelligence, and other government agencies, you'll find that the respect for liberty that the hacker manifesto espoused is increasingly hard to find.
The prescient Upton Sinclair: “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”
for asynchronous messaging, agl had something really promising with pond, but for "reasons" decided to abandon it, and nobody bothered to continue its development.
Thanks for your response. I'm peripherally interested in application security, so I've followed SwiftOnSecurity, the grugq, HN's very own tqbf, 0x00string, xntrik, matt blaze, etc. I also listen to Risky Business, LiquidMatrix, cyberwire, etc.
My impression based on following "thought leaders" and listening to the most highly-regarded podcasts is that the community is, in fact, exactly as I described. (even the recent appointment of IC shill Jeff Man as a regular on Paul's Security Weekly has dramatically shifted his show in that direction.)
If you don't mind, can you recommend other people to follow/listen to that might balance out the impression I have received? Thanks.
It's not just Schneier. Seems that nearly everybody in infosec is convinced of Russia's complicity in everything from the DNC leaks, to Vault7, to ShadowBrokers, and now allegedly the Macron campaign.
Listening to the RiskyBusiness podcast, for instance, it's incredibly obvious that the community is fully in the tank for the Russian attribution hypothesis, and habitually carries the water for FiveEyes IC.
Meanwhile, we mere plebs have very little evidence to judge the community's beliefs by, other than blind faith in, say, CrowdStrike.
If the infosec community would like to actually state their case to the plebs, I would love to hear it. But all I've ever been able to find is "the phishing email is a little similar to something produced by APT28, and there was an IP once used by FancyBear like 5 years ago, so it's 99.9999% certainly Russia".
And nobody seems to care enough about those outside the community to even try to state the case.