• conciselyverbose@kbin.social
    1 year ago

    Given the scope of this project (a non-commercial free mod), I would honestly not judge them harshly for a much poorer response. It’s not their job; if they took a couple days to notice during the holiday season, then weren’t able to say much more than “we think you’re fucked if you have this mod installed”, a lot of harm might be done, and they’d definitely see a lot of criticism, but I’d understand. For a small team that don’t do security, especially one who aren’t even selling their product, getting hacked has the potential to be extremely overwhelming, and you very possibly don’t have the expertise or resources to investigate properly.

    Instead, they put a bunch of real companies to shame. (Some of those companies have breaches that are a lot more complex in scope, but still.)

    • sugar_in_your_tea
      1 year ago

      Yup, I 100% agree. I absolutely take the size of the org, the risk to me (e.g. medical info is more impacted than game playtime), and how much I paid into account when evaluating a response.

      This was a way better response than I could ever hope for from such a project.