{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"The Problem With Single Pane of Glass Security","url":"/articles/2026-07-08-the-problem-with-single-pane-of-glass-security-platforms/","date":"2026-07-08","summary":"Every generation of security platform marketing rediscovers the same pitch: too many tools, too much context switching, analysts drowning in disconnected consoles. The solution is …"},{"title":"Asset Inventory Is Still an Embarrassing Problem","url":"/articles/2026-05-01-why-asset-inventory-is-still-the-most-embarrassing-security-problem-in-large-organizations/","date":"2026-07-07","summary":"For an industry that loves the word visibility, security remains remarkably bad at answering the oldest infrastructure question in the room: what do we actually have?\nThat should …"},{"title":"Global Information Security Day: A Vendor-Made Holiday","url":"/articles/2026-06-30-global-information-security-day-how-the-security-industry-invented-a-holiday-for-itself/","date":"2026-06-30","summary":"Today is Global Information Security Day, an awareness holiday you\u0026rsquo;ve probably never heard of despite eleven years of \u0026ldquo;global\u0026rdquo; celebration. That\u0026rsquo;s because …"},{"title":"AI Usage Discovery Is the New Shadow IT Problem","url":"/articles/2026-05-01-why-ai-usage-discovery-is-becoming-the-new-shadow-it-problem/","date":"2026-06-30","summary":"For years, shadow IT meant unsanctioned SaaS, unmanaged devices, and business teams adopting systems faster than central governance could track them.\nNow the same pattern is …"},{"title":"AI Incident Response Is Underbuilt Almost Everywhere","url":"/articles/2026-05-01-why-ai-incident-response-is-still-underbuilt-almost-everywhere/","date":"2026-06-23","summary":"Most organizations now have some language about responsible AI.\nFar fewer have a credible answer to a simpler question: what happens when an AI system causes a production problem …"},{"title":"The SIEM Did Not Fail; Your Data Model Did","url":"/articles/2026-05-01-the-siem-did-not-fail-your-data-model-did/","date":"2026-06-16","summary":"Security teams love to declare that the SIEM failed them. It is a clean story. The platform was noisy, expensive, slow, or hard to operate. Leadership understands vendor …"},{"title":"The KEV Catalog Is Useful, Not Prioritization Strategy","url":"/articles/2026-05-01-the-kev-catalog-is-useful-but-it-is-not-a-prioritization-strategy/","date":"2026-06-09","summary":"The Known Exploited Vulnerabilities catalog is one of the better things to happen to enterprise vulnerability management in years. It gives defenders a cleaner signal than generic …"},{"title":"The Cloud Control Plane Is Still the Easiest Blind Spot","url":"/articles/2026-05-01-the-cloud-control-plane-is-still-the-easiest-place-to-be-blind/","date":"2026-06-02","summary":"Cloud security programs often spend their money where the infrastructure is easiest to picture.\nThey instrument workloads. They scan containers. They watch endpoints. They analyze …"},{"title":"Internet Safety Month: Child Protection Became Sales","url":"/articles/2026-06-01-national-internet-safety-month-how-child-protection-became-parental-control-software-sales/","date":"2026-06-01","summary":"June is National Internet Safety Month, which means it\u0026rsquo;s time for parents to be very, very worried about what their children are doing online. Conveniently, it\u0026rsquo;s also …"},{"title":"Compliance Exceptions Tell You More Than Controls","url":"/articles/2026-05-01-compliance-exceptions-tell-you-more-than-your-passed-controls/","date":"2026-05-26","summary":"Organizations love to report passed controls because passed controls are flattering.\nThey suggest order. They suggest repeatability. They suggest that the environment behaves the …"}],"news":[{"title":"Study on the Big Data applications in the European insurance sector","url":"/news/2026-07-09-study-on-the-big-data-applications-in-the-european-insurance-sector/","date":"2026-07-09","summary":"Summary: Study on the Big Data applications in the European insurance sector\nWhy it matters: This matters if it changes how teams think about model governance, …"},{"title":"Study on the interplay between the AMLD and the GDPR framework","url":"/news/2026-07-09-study-on-the-interplay-between-the-amld-and-the-gdpr-framework/","date":"2026-07-09","summary":"Summary: Study on the interplay between the AMLD and the GDPR framework\nWhy it matters: This matters if it changes compliance expectations, enforcement posture, …"},{"title":"OpenPLC v3","url":"/news/2026-07-09-openplc-v3/","date":"2026-07-09","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and …"},{"title":"RentGrow to Pay $2.25 Million to Settle FTC Allegations the Company Violated the Fair Credit Reporting Act ...","url":"/news/2026-07-09-rentgrow-to-pay-2-25-million-to-settle-ftc-allegations-the-company-violated-the-fair-credit-reporting-act/","date":"2026-07-09","summary":"Summary: RentGrow, a provider of consumer reports for tenant screening, will be required to pay $2.25 million to settle Federal Trade Commission allegations …"},{"title":"Schneider Electric Easergy MiCOM Px40 Series","url":"/news/2026-07-09-schneider-electric-easergy-micom-px40-series/","date":"2026-07-09","summary":"Summary: View CSAF Summary Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products.\nWhy it matters: This matters if it changes …"},{"title":"Schneider Electric PowerChute Serial Shutdown","url":"/news/2026-07-09-schneider-electric-powerchute-serial-shutdown/","date":"2026-07-09","summary":"Summary: View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log …"},{"title":"Template for Cross-Regulatory Cooperation Agreements","url":"/news/2026-07-09-template-for-cross-regulatory-cooperation-agreements/","date":"2026-07-09","summary":"Summary: Template for Cross-Regulatory Cooperation Agreements\nWhy it matters: This matters if it changes compliance expectations, enforcement posture, or the …"},{"title":"GPT-5.5 Bio Bug Bounty","url":"/news/2026-07-09-gpt-5-5-bio-bug-bounty/","date":"2026-07-09","summary":"Summary: Details about the OpenAI Bio Bounty program\nWhy it matters: This matters if it changes how teams think about model governance, safety work, monitoring, …"},{"title":"SEC to Host Virtual Roundtable on Modernizing IPOs and Expanding Access to Public Markets","url":"/news/2026-07-08-sec-to-host-virtual-roundtable-on-modernizing-ipos-and-expanding-access-to-public-markets/","date":"2026-07-08","summary":"Summary: The Securities and Exchange Commission’s Office of the Advocate for Small Business Capital Formation and the Division of Corporation Finance will …"},{"title":"Our approach to government and national security partnerships","url":"/news/2026-07-08-our-approach-to-government-and-national-security-partnerships/","date":"2026-07-08","summary":"Summary: Learn how OpenAI approaches government and national security partnerships, with principles for responsible AI use, democratic accountability, and …"}]}