I've worked in enterprise security teams for the last decade. This is spot on. It's retarded and will never change because there is no accountability. Corporate IT don't give no fucks.
Unfortunately the world doesn't run off technical ability though. Oracle is a mammoth because it's proficient at extracting value and profit from its businesses. Don't get me wrong, I agree with you in principle, but it's the equivalent of someone destroying artwork and making a gain from it and wondering how they get away with it when the world doesn't care about art, they care about money.
You're right, but people complaining shouldn't dictate life. People also complain about being crushed by ransomware. Not to say they don't have a valid point, but the paradigm needs to change.
We used trusted stores for certificates and mobile applications, it's time for the desktop to do the same beyond drivers.
Not to say things won't creep through, but default allow needs to go for this to be truly solved, not a new feature or vendor product.
This seems like another strange workaround. We need to change the way the operating system behaves for the future. The problem is default allow for untrusted code to execute. Everyone recognises this as the problem, no one wants to step forward and implement the change.
We do it for mobile, mostly, the desktop needs the same shift.
Grsecurity wouldn't exist if Linux made security a priority. It doesn't, because backwards compatibility and features is more important to them. It doesn't mean because Linus says something so strongly on a subject is right or wrong, he is generally abusive and rants and has for years.
Grsecurity is important to some people, not all, and vice versa for the features and backwards compatibility crowd.
Personally I'd hope someone in Linus position would see both sides of the fence, but he doesn't and always has some mouthy outrageous opinion. So this is zero surprise.
This might be doing others a disservice. Don't avoid certification altogether, some people actually enjoy the study/test and tangible outcome of certification. I personally have none, it's not for me.
Rather avoid certification if you just want to have 20 lines on your resume to look like a ninja and brag. I'm a hiring manager in infosec, and same deal if you brag about certs I start to tune out.
Yes, as the other comment says. They become eligible to apply for EAD only after 3 months. You then need to wait for the EAD, which processing time varies depending on location.