Policy Roast: When Compliance Theater Becomes Fraud
Delve marketed SOC 2 and ISO compliance it didn't have. That's not a mistake—it's false advertising.

Policy Roast: NIST's DNS Security Guide While Federal Agencies Still Run Unpatched DNS
NIST publishes comprehensive DNS security guide while federal agencies continue operating vulnerable, unpatched DNS infrastructure.

Policy Roast: CIRCIA's 72-Hour Reporting Window Is Already Obsolete
CISA's 72-hour incident reporting rule assumes breaches are discovered instantly. Reality: most take 200+ days to detect.

Policy Roast: WhatsApp's View Once Feature Has a Fourth Bypass and Meta Won't Fix It
When 'ephemeral' messaging requires trusting both the platform and every person you message with.

Policy Roast: JCPenney's AI Makeup Advisor Just Became a $50M BIPA Liability
Virtual try-on tech meets Illinois biometric law. JCPenney faces class action over facial scanning without consent. Again.

Policy Roast: AI Companies Pay $12.5M to Clean Up the Mess AI Created
Anthropic, OpenAI, Google, and Microsoft just funded open source security. Specifically, security from AI-generated vulnerability spam their tools created.

Policy Roast: When the Fine Is Just the Cost of Doing Business
A mobile carrier paid $60K for breaking international carrier rules. For context, that's less than one executive's quarterly bonus.