• lando55@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 年前

    It does if you consider it from the point of view of a. Someone went out of their way to design this API so as to allow this or b. A team of individuals deployed it without realizing how it would be exploited

    You can generally learn things from a breach, but finding and remediating systemic issues like those mentioned above is a big ask

    Edit: I either responded to the wrong comment or misunderstood what you said. It’s late in the day…

    • unscholarly_source@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 年前

      I think you replied to the right post (mine) but I didn’t downvote you.

      Information disclosure doesn’t necessarily imply it’s intentional or unintentional, just that information was disclosed. But in a sense I do agree somewhat with that you said, only that WHO the person who developed the API receives that message from makes a huge difference. The IT security team coming to you and says “information disclosure” is scarier than a team mate

      • lando55@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 年前

        Oh I wish that were true but unless GRC or Legal get involved nothing much comes of it lol