The problem is when an installation is penetrated the reporting does not hold to account all the cybersecurity vendors that failed on the defining day. Like how reporting of being broken into is mandatory the list of failed cybersecurity vendors and the ensemble of software they guard should be listed. For learnings.