COOEY // HUBcompliance · community · intelligence

FAIL // hall of shame

The security failures of FedRAMP vendors, their competitors, and the hardware they ship — ranked by zero-days, remote code execution, active exploitation, sheer embarrassment, and False-Claims-Act recoveries. A dex.sgc.ai RAG curator writes each event's summary and scores how avoidable the failure was; every name links to its dossier.

722
on the board
1
zero-days
235
RCEs
101
exploited
544
assessed
$82M
FCA recovered
Overview☣ Most embarrassing◐ Most zero-days⚡ Most RCEs⌖ Most exploited⚖ Biggest FCA recoveries
All playersCompaniesVendorsProducts / HW ◧ FedRAMP only

☣ Most embarrassing

Ranked by how avoidable and reputation-shredding their worst failure was — the dex curator's grounded 0–100 verdict.

No entries yet — the curator populates this board as failure events are assessed.

◐ Most zero-days

Vulnerabilities exploited before a patch existed — the worst kind to ship.

No entries yet — the curator populates this board as failure events are assessed.

⚡ Most RCEs

Remote/arbitrary code-execution flaws — full-compromise class bugs.

No entries yet — the curator populates this board as failure events are assessed.

⌖ Most exploited

Count of their CVEs on CISA's Known-Exploited-Vulnerabilities catalog — actively used against defenders.

No entries yet — the curator populates this board as failure events are assessed.

⚖ Biggest FCA recoveries

Dollars recovered from contractors who misrepresented their cybersecurity — DOJ Civil Cyber-Fraud settlements.

No entries yet — the curator populates this board as failure events are assessed.