{"title":"Spoiledlunch","description":"Nerdy Stuff. Tech Talk. Zero Freshness.","subtitle":"Analysis and commentary on GRC, security, and AI.","articles":[{"title":"Compliance Exceptions Tell You More Than Your Passed Controls","url":"/articles/2026-05-01-compliance-exceptions-tell-you-more-than-your-passed-controls/","date":"2026-05-26","summary":"Organizations love to report passed controls because passed controls are flattering.\nThey suggest order. They suggest repeatability. They suggest that the environment behaves the …"},{"title":"GDPR Enforcement Anniversary: Eight Years of Real Privacy Law and Fake Compliance Theater","url":"/articles/2026-05-25-gdpr-enforcement-anniversary-eight-years-of-real-privacy-law-and-fake-compliance-theater/","date":"2026-05-25","summary":"Today marks eight years since GDPR enforcement began. Unlike most awareness campaigns we investigate, this anniversary commemorates something that actually works: the world\u0026rsquo;s …"},{"title":"SOC 2 Became a Sales Requirement, Not a Trust Signal","url":"/articles/2026-04-25-soc-2-became-a-sales-requirement-not-a-trust-signal/","date":"2026-05-19","summary":"SOC 2 still matters. That is exactly why the industry has let it become something more misleading than useless.\nThe report was supposed to be a narrow assurance artifact: a way to …"},{"title":"AI Governance Gets Real Only After Deployment","url":"/articles/2026-04-25-ai-governance-gets-real-only-after-deployment-v2/","date":"2026-05-18","summary":"Most AI governance programs are strongest at the exact moment the system is least exposed.\nBefore launch, organizations know how to look serious. They can write principles. They …"},{"title":"International Anti-Ransomware Day: Who Really Profits from the Fear Campaign?","url":"/articles/2026-05-12-international-anti-ransomware-day-who-profits-from-fear/","date":"2026-05-12","summary":"It\u0026rsquo;s International Anti-Ransomware Day. Time to be very, very afraid of ransomware. And conveniently, very, very ready to buy solutions.\nWhat started as a legitimate effort …"},{"title":"World Password Day: Intel's Marketing Legacy Thirteen Years Later","url":"/articles/2026-05-07-world-password-day-intels-marketing-legacy-thirteen-years-later/","date":"2026-05-07","summary":"World Password Day just ended, and with it, another week of password managers explaining why your passwords aren\u0026rsquo;t complex enough, MFA vendors explaining why passwords are …"},{"title":"Why Dashboard Metrics Collapse During Real Incidents","url":"/articles/2026-04-24-why-dashboard-metrics-collapse-during-real-incidents/","date":"2026-05-05","summary":"Most security dashboards are built to reassure leadership, not to help responders make decisions under pressure. That tradeoff usually stays hidden until a real incident forces the …"},{"title":"World Password Day: How Security Hygiene Became Subscription Revenue","url":"/articles/2026-05-02-world-password-day-how-security-hygiene-became-subscription-revenue/","date":"2026-05-02","summary":"Today is World Password Day, which means it\u0026rsquo;s time to feel bad about your password habits and grateful for the password manager subscriptions that will save you from your own …"},{"title":"Why Vulnerability Management Breaks Long Before Patching Does","url":"/articles/2026-04-28-why-vulnerability-management-breaks-long-before-patching-does/","date":"2026-04-28","summary":"When leaders say their vulnerability program is struggling because patching is too slow, they are usually describing the last visible failure, not the first one.\nPatching is where …"},{"title":"AI Governance Gets Real Only After Deployment","url":"/articles/2026-04-24-ai-governance-gets-real-only-after-deployment/","date":"2026-04-24","summary":"The industry still talks about AI governance like the hardest part is agreeing on principles before launch. Recent work from NIST and OpenAI points to a different reality: the …"}],"news":[{"title":"SEC Proposes Rescission of Climate-Related Disclosure Rules","url":"/news/2026-05-29-sec-proposes-rescission-of-climate-related-disclosure-rules/","date":"2026-05-29","summary":"Summary: The Securities and Exchange Commission today proposed the rescission of overly burdensome and costly rules that require companies to provide certain …"},{"title":"Boston Children's uses AI to unlock new diagnoses","url":"/news/2026-05-29-boston-children-s-uses-ai-to-unlock-new-diagnoses/","date":"2026-05-29","summary":"Summary: Boston Children’s Hospital uses OpenAI technology to improve patient care, reduce operational burden, and help diagnose more than 40 rare disease …"},{"title":"CISA Adds One Known Exploited Vulnerability to Catalog","url":"/news/2026-05-29-cisa-adds-one-known-exploited-vulnerability-to-catalog/","date":"2026-05-29","summary":"Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nWhy it matters: …"},{"title":"How Braintrust turns customer requests into code with Codex","url":"/news/2026-05-29-how-braintrust-turns-customer-requests-into-code-with-codex/","date":"2026-05-29","summary":"Summary: How Braintrust engineers use Codex with GPT-5.5 to run experiments and code faster.\nWhy it matters: This matters if it changes how teams think about …"},{"title":"A shared playbook for trustworthy third party evaluations","url":"/news/2026-05-29-a-shared-playbook-for-trustworthy-third-party-evaluations/","date":"2026-05-29","summary":"Summary: OpenAI shares guidance on third-party AI evaluations, covering how to assess model capabilities, safeguards, and validity for frontier systems.\nWhy it …"},{"title":"ABB Busch-Welcome 2 Wire Door Opener Actuator","url":"/news/2026-05-28-abb-busch-welcome-2-wire-door-opener-actuator/","date":"2026-05-28","summary":"Summary: View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory.\nWhy it matters: This matters if it …"},{"title":"ABB EIBPORT","url":"/news/2026-05-28-abb-eibport/","date":"2026-05-28","summary":"Summary: View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory.\nWhy it matters: This matters if it …"},{"title":"CP Plus 8 Ch. Network Video Recorder","url":"/news/2026-05-28-cp-plus-8-ch-network-video-recorder/","date":"2026-05-28","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability allows an attacker\u0026rsquo;s malicious script to execute in the browser of any …"},{"title":"Fourth Frontier Frontier X Mobile Application, Frontier X2","url":"/news/2026-05-28-fourth-frontier-frontier-x-mobile-application-frontier-x2/","date":"2026-05-28","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical …"},{"title":"Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter","url":"/news/2026-05-28-jinan-usr-iot-technology-limited-pusr-usr-w610-rs232-485-to-wi-fi-ethernet-converter/","date":"2026-05-28","summary":"Summary: View CSAF Summary Successful exploitation of this vulnerability could result in an attacker gaining administrator access to the device.\nWhy it matters: …"}]}