2 Nov 2018

With a Source Like This It is No Wonder Security Journalism Is Making WordPress Websites Less Secure

Recently an instance of security journalism received a significant spotlight and significant pushback. Bloomberg claimed that a malicious chip had been found in servers used by Apple and Amazon, which both Apple and Amazon categorically denied. Either there is a significant cover-up or Bloomberg got things very wrong. The latter possibility wouldn’t surprise us, since from what we have seen over the years security journalism is filled with inaccurate and outright false claims, much of that coming from people in the security industry who either don’t know what they are talking about or are intentionally spreading false information. Security journalists seem not to be interested in avoiding that.

Last week we discussed a situation where security journalists were spreading false information due in part to relying on a single source that didn’t really know what he was talking about. Since then, we had an interaction with that source that made it clear that they are not a source that should be relied on alone (or maybe at all) as these journalists had done and that seems to be a good example of why security journalism is in such bad shape, which in turn is actually making WordPress websites (and websites in general) less secure. [Read more]

22 Oct 2018

Security Issues Related to jQuery File Upload Not Unknown To InfoSec Community As Security Journalists Claim

We generally avoid following news coverage of web security since it is of such poor quality, and when we do have to look at examples of it, because of a news alert we have to keep track of vulnerabilities in WordPress, that view is reinforced. Take this post on ZDNet’s Zero Day blog, “Zero-day in popular jQuery plugin actively exploited for at least three years”, by Catalin Cimpanu, which makes this claim:

It is pretty clear from the videos that the vulnerability was widely known to hackers, even if it remained a mystery for the infosec community. [Read more]