Just a reminder, this is the same :birdsite: that runs 500k servers, 60% of them so outdated that many are not even supported by the OS vendor anymore.
Whose technical staff, every single one of them, has direct access to the production environment. Because they develop on it. Because there is no testing/staging environment.
All this coming from the former CISO, Mudge:
https://archive.org/download/whistleblower_disclosure
https://www.judiciary.senate.gov/imo/media/doc/Testimony%20-%20Zatko%20-%202022-09-13.pdf
And if you don't want to read all ~200 pages of this, I don't blame you!
I have, however, read all of them and noted down the most interesting stuff:
https://rys.io/static/TwitterWhistleblowerRevelationsExcerpts.html
Or a nice version over at @tomasino's:
https://wiki.tomasino.org/Twitter-Whistleblower-Revelations-excerpt
Or the raw Markdown:
https://rys.io/static/TwitterWhistleblowerRevelationsExcerpts.md
It's juicy!