I find the “blame struts” development sort of depressing. Aside from the "Great, somebody is going for the ‘commie FOSS caused the problem’ deflection; it is very difficult to think well of somebody running a nontrivial IT system who would consider “a single component failed; and that’s why the entire thing exploded into a heap of epic fail” to be even close to an acceptable excuse.
With the possible exception of people who have the luxury of formally verifying absolutely every nook and cranny(which isn’t most of them, few to none in commercial contexts), there’s an unavoidable element of (depressingly empirical, for a business that is supposed to be about finite state machines) testing, monitoring, redundancy, defense in depth, etc.
Perhaps some hacker deciding to strut Equifaxes stuff was the proximate cause; but no operation of their magnitude and sensitivity can possibly make a plausible excuse from just the proximate cause of an intrusion(especially given how long it went undetected). Things do get compromised; but not trusting untrustworthy elements is part of the job of putting together a system that isn’t too broken to live.
