score by collisions, patch by panic

Hello All I am the author of this post.

A couple of weeks ago, my previous piece ('The 90 day disclosure policy is dead') ended up here (https://lobste.rs/s/qxkdgl/90_day_disclosure_policy_is_dead). The thread had some good comments specifically the critique that 'saying the model is broken is a complaint, not a proposal.'

That was completely fair feedback, So I wrote this followup specifically to address the questions raised in that Lobsters thread. It is an informal engineering RFC moving past the complaint and focusing on the defensive architecture we actually have to adopt right now (eg. default deny network egress, ephemeral containers to break persistence and rootless runtimes).

I also directly answered a few of the hardest questions from the last thread at the bottom of the post. I am submitting it here as I would appreciate the same level of honest feedback on these architectural proposals. Where do these circuit breakers fail in your production pipelines?