US Big Tech and Little Tech: Are the Priorities Clear?
September 19, 2022
Just a quick note to document the run up to Big Changes in 2023.
First, the estimable, much loved and respected, togetherness outfit made some of its priorities clear. I read “Meta Disbands Responsible Innovation Team, Spreads It Out over Facebook and Co.” [I think the “co” means company, whatever.]
The article states:
Meta spokesman Eric Porterfield told The Register that, rather than ending the efforts of the RIT, the disbanding will see “the vast majority” of the 20-person team moved into other areas at Meta “to help us scale our efforts by deploying dedicated experts directly into product areas, rather than as a standalone team.” Per Porterfield, Meta’s official statement on the matter is that the work done by the RIT is more of a priority now – not less, as a disbanding of the team would suggest.
Yep, disbanding means amping up. One priority is clear to me: Dump a central group and bury what I think is an underfunded, understaffed, and mostly ignored function. Is Facebook saying, “Okay, find someone to pin a specific issue on now, you Silicon Valley real journalists and pesky Congress-people.”P
The second item about priorities is from everyone’s favorite work around for MasterCard and Visa issues. I read “Patreon Cut At Least Five People From Its Security Team.” The article reports:
“As part of a strategic shift a portion of our security program, we have parted ways with five employees,” said Patreon in an emailed statement attributed to the company’s U.S. policy head, Ellen Satterwhite …
What’s this say to me? How about Patreon management perceives that its security is really good. And that the layoffs don’t have an impact on security. Therefore, why not reduce the cyber security team? That makes sense in Patreon-land; here in Harrod’s Creek, Kentucky, not so much.
The third item concerns digital plumbing. I noted “Cisco Says It Won’t Patch These Dangerous VPN Security Flaws in Its SMB Routers.” The owner of the Talos security operation is okay with some security flaws. The article asserts:
Cisco has said it won’t be issuing any further updates for three vulnerable routers which could apparently allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network.
Good decision, right?
Net net: The priorities for 2023 are clear:
- Reorganize so it is tough to pinpoint who is doing what
- Assume that cost cutting will keep security in tip top share or at least less likely to be fixed up when a gap is discovered by bad actors
- Rationalize away doing security while sending a signal to bad actors that certain devices are vulnerable.
Outstanding management presages a super duper 2023.
Stephen E Arnold, September 19, 2022