> I don’t think it’s an exaggeration to say that may yet become the norm in a not-too-distant future.
Maybe not so much for databases, but at least for HTTP it looks completely plausible to me. The steps would look something like:
- Cloud WAF services implement this as a default ruleset, disabled by default.
- Someone likes it and writes a blog post, claiming it to be a best practice (without elaborating on why it is so).
- People read that post, and enable it.
- Cloud WAF devs notice this ruleset is enabled by a lot of users.
- Announcement: New accounts will have this ruleset enabled by default.
- Every major cloud provider follows suit.
- Now, if you don't have it enabled, shame on you.
> I don’t think it’s an exaggeration to say that may yet become the norm in a not-too-distant future.
Maybe not so much for databases, but at least for HTTP it looks completely plausible to me. The steps would look something like:
- Cloud WAF services implement this as a default ruleset, disabled by default.
- Someone likes it and writes a blog post, claiming it to be a best practice (without elaborating on why it is so).
- People read that post, and enable it.
- Cloud WAF devs notice this ruleset is enabled by a lot of users.
- Announcement: New accounts will have this ruleset enabled by default.
- Every major cloud provider follows suit.
- Now, if you don't have it enabled, shame on you.