The team sent out 4,300 disclosure emails to over 600 organisations, but only 9% bothered to reply.
[…]
Eventually, the team reached a 97% remediation rate, but only after going directly to the authorities that issue the certificates.
Why you data leaks, they don’t bother.
Single use keys? Can anyone more familiar with what’s available after TLS 2.0 speak to the overhead of constantly generating new keys? I assume the article is advocating for sessional keys. Do we get into scalability issues?
Also, I want to make a joke about managers pushing for speed and cost, hiring vibe coders who then hard-code credentials, including private keys, on their local then submitting them through the SDLC, but I’m too hungover to be funny.



