
Why would you use them before they prove they can not be breached?

The default assumption is that they can all be breached, the burden of proof is on them to prove they will not get compromised. It would only seem prudent to wait for positive proof of the extraordinary claim that they can not get hacked rather than extending the benefit of the doubt to serial incompetents.



How do you prove that “they will not get compromised” when a breach can be caused by an unknown CVE in the future?

That seems impossible to prove. I mean, I understand you can patch, audit, and encrypt your way to a safer system, but proof (by definition) is a very high bar.

What is an acceptable demonstration of proof given unknown future events? How does one define proof in the sense of “will not get compromised”? (Future tense is used in your phrasing, so a proof would have to include all possible future outcomes.)


The person I was responding to said these providers “should never get hacked”. Given that the default assumption is that systems are easily hacked, then logically such a requirement demands proof (in the sense of robust evidence) before acceptance that it is met. There is no sense in waiting for it to happen first when that is the default assumption.

To go a step further, you can apply this to any acceptance criteria. What evidence is there that any of these systems meet any meaningful acceptance criteria? What evidence is there that Okta has systems that can protect billions of dollars worth of assets from the teams of professional and state attackers that currently target their systems?

To then get to your direct question, if you really need “should never get hacked”, you could provide machine checked mathematical proofs of correctness, robust and exhaustive validations, and NSA penetration test reports showing zero identified vulnerabilities like what was done for the F-35. I mean, I guess that is only like 1000x better than prevailing commercial IT systems and not completely foolproof, but it is certainly a good starting point. You can probably think of some ways to evaluate even more robust security if you need more assurance than the US air force.


Unfortunately, getting breached is not a sign a person or organization is incompetent. All getting breached means is someone decided to attack an organization and found one or more holes in the organization's services.


Shooting a hole in a bulletproof vest with a slingshot is not a sign the bulletproof vest is garbage. All shooting a hole in a bulletproof vest with a slingshot means is someone decided to shoot a bulletproof vest with a slingshot and found one or more weak points in the bulletproof vest.

Sounds pretty stupid, right?

Okay, now replace slingshot with tank.

Now it does not sound so stupid.

Turns out you can learn something based on the effort needed to breach a defense.

As it turns out, the entire commercial IT industry is basically incapable of stopping small teams of moderately skilled attackers, as has been demonstrated to death. A team with just 1-2 M$ of resources is basically unstoppable even against 100 M$ - 1 G$ budgets. That is the definition of gross inadequacy.


‘Click Here to Kill Everybody’ talks in great detail about the asymmetry of defending against attacks. We are in a timeline where this is getting worse over time. A 100x or even 1000x budget/effort is now required to defend against some attack vectors. This isn’t fair, but it’s the state of affairs. My point being: you’re right, but tanks are now orders of magnitude cheaper than anti-tank defenses.


Is that why corp.it is replacing ssh with shit like teleport?


The only ones competent here are Cloudflare for detecting it earlier and informing Okta.


Yes, but they lose competency points for sharing a HAR file with an active Okta session token.


If you have a problem and your provider asks for the active HAR file, that seems like a problem with the provider. Your problem is probably not even going to be checked without fulfilling their request.

Okta should have revoked the token after the file was no longer needed.

Should I remind you that multiple customers were compromised because of this and that Cloudflare was probably the only one that wasn't breached AND notified Okta...
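The thread's concrete technical point is that a HAR file handed to a vendor carried a live session token. The usual mitigation on the sharing side is to scrub the capture before it leaves your hands; the usual mitigation on the provider side is to revoke the session once the file is no longer needed. Below is an added example of the scrubbing step (not code from the thread, Cloudflare or Okta): it walks a HAR 1.2 structure, blanks Cookie/Set-Cookie/Authorization headers, the parallel `cookies` arrays, and token-like query parameters both in `queryString` and in the request URL, and reports how many values it redacted. The sample HAR, its cookie and header names, and the `SENSITIVE_PARAMS` list are constructed for illustration; extend the sets for whatever your own apps use.

```python
"""Scrub session material from a HAR file before sharing it with a vendor.

Added example, not code from the thread. The header names are the standard
credential-carrying ones; the cookie and query-parameter names are assumptions
chosen for the constructed sample below and should be tuned per application.
"""
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"

# Headers whose entire value is a credential or a session identifier.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Query-string parameter names that commonly carry tokens (assumed list).
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "code", "sessiontoken", "sid"}


def _redact_pairs(pairs, names, match_all=False):
    """Redact 'value' in each HAR {name, value} pair whose name is in names.

    Returns (new_list, number_redacted). With match_all=True every pair is
    redacted, which is what we want for the `cookies` arrays: they duplicate
    the Cookie/Set-Cookie headers field by field, so partial scrubbing leaks.
    """
    out, hits = [], 0
    for p in pairs:
        if match_all or p.get("name", "").lower() in names:
            out.append({**p, "value": REDACTED})
            hits += 1
        else:
            out.append(p)
    return out, hits


def _redact_url(url):
    """Redact sensitive query parameters inside the request URL itself."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if not query:
        return url, 0
    hits, new_query = 0, []
    for key, value in query:
        if key.lower() in SENSITIVE_PARAMS:
            new_query.append((key, REDACTED))
            hits += 1
        else:
            new_query.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(new_query))), hits


def scrub_har(har, redact_all_cookies=True):
    """Return (scrubbed deep copy, total values redacted). Input is not modified."""
    out = copy.deepcopy(har)
    hits = 0
    for entry in out.get("log", {}).get("entries", []):
        req = entry.get("request", {})
        resp = entry.get("response", {})
        for msg in (req, resp):
            msg["headers"], n = _redact_pairs(msg.get("headers", []), SENSITIVE_HEADERS)
            hits += n
            msg["cookies"], n = _redact_pairs(msg.get("cookies", []), set(), redact_all_cookies)
            hits += n
        req["queryString"], n = _redact_pairs(req.get("queryString", []), SENSITIVE_PARAMS)
        hits += n
        if "url" in req:
            req["url"], n = _redact_url(req["url"])
            hits += n
    return out, hits


def contains_secret(har, secret):
    """Final check before sending: does the serialized file still contain a known secret?"""
    return secret in json.dumps(har)


# Constructed sample capture: one request/response to a made-up Okta tenant.
SAMPLE_HAR = {
    "log": {"version": "1.2", "entries": [{
        "request": {
            "method": "GET",
            "url": "https://example.okta.com/api/v1/users/me?token=tok9&v=1",
            "headers": [
                {"name": "Host", "value": "example.okta.com"},
                {"name": "Cookie", "value": "sid=102Xyz; DT=dt77"},
                {"name": "Authorization", "value": "SSWS 00abc"},
            ],
            "cookies": [{"name": "sid", "value": "102Xyz"}, {"name": "DT", "value": "dt77"}],
            "queryString": [{"name": "token", "value": "tok9"}, {"name": "v", "value": "1"}],
        },
        "response": {
            "status": 200,
            "headers": [
                {"name": "Set-Cookie", "value": "sid=newsid; Secure; HttpOnly"},
                {"name": "Content-Type", "value": "application/json"},
            ],
            "cookies": [{"name": "sid", "value": "newsid"}],
        },
    }]}
}

if __name__ == "__main__":
    scrubbed, n = scrub_har(SAMPLE_HAR)
    print(json.dumps(scrubbed, indent=2))
    print(f"{n} values redacted")
```

The scrubber blanks whole header values rather than trying to parse cookie strings, because a partially parsed `Cookie` header is exactly how a session value slips through. The `contains_secret` check is the belt-and-braces step: grep the output for the actual cookie values you can see in your own browser before you attach the file. None of this replaces the thread's other point, which is that the receiving side should still revoke the session once the file has served its purpose.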



