back to article Orca Security tells AWS fail tale with a happy ending

Two serious security vulnerabilities were recently found in AWS services, but because they were responsibly reported and the cloud biz responded quickly, no harm appears to have been done. On Thursday, Orca Security published details about Superglue and BreakingFormation, vulnerabilities in AWS Glue and AWS Cloud Formation …

  1. Clausewitz 4.0


    Makes me laugh to compare a BILLION-DOLLAR company security rapidness with an underpaid OpenSource developer.

    1. W.S.Gosset

      Re: Incentives



  2. Anonymous Coward
    Anonymous Coward

    Prior art?

    "It might be fairer to say that AWS, and hopefully other public cloud providers, have a greater incentive to respond immediately to security reports than operating system vendors or volunteer open source project maintainers."

    Yes, I'm sure that in the future the near-monopolists will be quick to deal with any issues in their systems. Just ask the company that no-one was ever fired for choosing...

    (Possibly a little unfair - AWS have much greater visibility than TCTNOOWEFFC had in its day)

  3. tip pc Silver badge

    the problem with sharing someone else's computer

    its someone else's computer and we are all hoping that they have configured it correctly and that no one, not even the actual owner, can read our stuff or access our configs.

    it should be clear by now that the only way to ensure that the systems are configured correctly and other customers can't access our accounts/configs/data is to have our own private facilities with our own private compute our own engineers ensuring integrity & our own security monitoring and reacting to threats.

    Cloud is great for those that can't afford to do all the constituent pieces, its not so great for those with enough interesting information that should not be hosted on shared infratructure.

    1. Peter-Waterman1

      Re: the problem with sharing someone else's computer

      All this reminds me of when people used to argue that VMWare was useful but shouldn’t be used in production.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like