david_chisnall on Nostr: > Vendor -> me: "That's not in our threat model" And then ask them to articulate ...

> Vendor -> me: "That's not in our threat model"

And then ask them to articulate their threat model, and it turns out that they don't actually have one, they just declare things out of scope if they're broken.