Incentives
Makes me laugh to compare a BILLION-DOLLAR company's security rapidness with an underpaid OpenSource developer.
Two serious security vulnerabilities were recently found in AWS services, but because they were responsibly reported and the cloud biz responded quickly, no harm appears to have been done. On Thursday, Orca Security published details about Superglue and BreakingFormation, vulnerabilities in AWS Glue and AWS Cloud Formation …
"It might be fairer to say that AWS, and hopefully other public cloud providers, have a greater incentive to respond immediately to security reports than operating system vendors or volunteer open source project maintainers."
Yes, I'm sure that in the future the near-monopolists will be quick to deal with any issues in their systems. Just ask the company that no-one was ever fired for choosing...
(Possibly a little unfair - AWS have much greater visibility than TCTNOOWEFFC had in its day)
It's someone else's computer and we are all hoping that they have configured it correctly and that no one, not even the actual owner, can read our stuff or access our configs.
It should be clear by now that the only way to ensure that the systems are configured correctly and other customers can't access our accounts/configs/data is to have our own private facilities with our own private compute, our own engineers ensuring integrity, and our own security monitoring and reacting to threats.
Cloud is great for those that can't afford to do all the constituent pieces; it's not so great for those with enough interesting information that should not be hosted on shared infrastructure.