We've got a lot of really great security patterns at our disposal these days. Thing is though, they're still way too hard for your average person, which means adoption suffers.
HTTPS is an essential part of securing the web, but there are certain things it can't protect you from that take many people by surprise.
The idea of "zero incidents" is a fundamentally flawed concept when we're dealing with complex systems.
You know the hardest thing about disclosing security vulnerabilities? Just getting the organisation to listen.
Do mandatory data breach disclosure laws go far enough? Or are they protecting the guilty at the expense of the innocent?