Before I put any of my PII or payment data into any system, I'm going to be damn sure to do my due diligence and ensure that they are adhering to some basic security guidelines. As someone who has these skills, I feel obliged to perform audits on systems I use for the benefit of everyone else using the services as well.
I would hope an off-duty mechanic would let me know if it sounds like my car is about to explode. If I'm hanging out with a botanist in the woods, I'd expect that they would let me know if I'm about to eat poison plants. We need to look out for each other, because there sure as hell aren't proper incentives for companies to lock their shit down. Maybe your systems are great, but 90% of networks out there are dangerously insecure.
We seem to be on similar pages; I feel the same way about allowing something that looks like an attack to persist and become, or obfuscate, an actual attack. I want to be sure that entity is adhering to safety guidelines, and in my case doesn't get into trouble if my system is triggered to defend itself.
It would probably help the ~90% of networks if hardware and applications shipped out with secure configurations.