Tuesday, October 7, 2014

UPDATE: RSS Feed Brought Back Online - Round 2

Due to overwhelming request the past day we have brought the RSS feed back online tonight. We have however changed how the RSS updates are being conducted. Previously we were allowing the request to automatically generate the RSS content based on the most up to date information on our system but we realized that within 10-15 minutes and receiving over 10000 request for the feed that we needed to find a better solution.

What we have discovered today is that many of the people and organizations contacting us want us to provide the actual data that we verify prior to posting. Unfortunately providing this information would not make good business sense for us. As an example we have compared our notifications to others in the industry and have found that sometimes we are days, hours or even weeks ahead of other people because of how we obtain the data.

We will no longer provide information on how we obtain the data. If you actually own data we will try and notify you but you have to understand that we are a volunteer organization that decided to do this to protect some of our clients. We have seen the post about our feeds being a public relations nightmare. Our thought is this. If it was your data you would want to know. What we have found through our research over the past few years is that even when confronted with actual hard evidence of breaches, data disclosures, leaks or espionage that only 10% of the businesses we deal with ever release any notification to the public and the ones that do only do it if their hands are forced due to media disclosure.

We are open to suggestions and invite you all to become a part of this program. We are actively looking for vetted security engineers to volunteer time and help us improve our systems and notifications. We will be working on a submissions program in the future as well as a way to check our data sets to see if your information has been compromised.

Stay tuned we are upgrading infrastructure and providing services. We may loosen the reigns on the data flow but we need to ensure that we have a system in place that provides the proper notifications with checks and balances along the way.

Also we are flattered that so many people have ask for more information on what we have posted. We have seen positive and negative comments on this blog and our post but at the end of the day we can assure you that we see value in what we are doing. We have some of the best security engineers that I have ever met providing information into our system, various feeds both public and private and a highly customizable system that monitors everything from open proxies, TOR, Email, RSS and other locations for information and connects the dots saving our security analyst time in figuring out what is happening in cyberspace in near real time.

No comments:

Post a Comment