scandale-project is also meant to monitor constituencies' actions after being notified about security issues. The idea is to timestamp scan results with a Time Stamp Authority to have a clear and indisputable incident timeline following a notification. The aim is to nudge constituencies to take action and also give them leverage on non-cooperating suppliers. No infrastructure change or patch after repeated notifications is not a good trajectory to be on--hence the name, scandale :)
No comments yet.