said by Blackbird:"it was an ordinary attack..."
At least in my own experience there are 2 departments that have control over IT Security.
1. Public Relations
2. Legal
Nothing goes public without the approval/consent/input of PR & Legal.
Mandatory disclosures at the Federal level could offer a more accurate picture of current breaches.
After all, as Blackbird
pointed out, if all these breaches are indeed zero day or highly sophisticated or state sponsored it sends the message that it is useless to defend IT and that IT Security is based on the luck of the draw -
Meaningful, factual & verified mandatory breach disclosures would dramatically improve the IT Security landscape - especially among those companies that currently consider the cost of a breach just another cost of doing business with PR & Legal taking control of the public discussion.
/PR-Legal rant.