FireEye literally did the incident response for the Equifax hack, so I do not see how you can claim: "FireEye does accurate and honest attribution." but then also claim "Equifax likely made stuff up." unless you are claiming that FireEye was involved in incident response, but was somehow not involved in attribution, or that they made a true discovery-able report, but knowingly lied.
It is hardly a false equivalence. If everybody constantly fails with little to no evidence of any success by anyone ever despite continuous assurances of success by everyone, there is exactly zero evidence that a layperson should trust any statement on that topic without good, solid, objective evidence to the contrary. Given the track record in the industry, there is no reason to give the benefit of the doubt to any company. The burden of proof is on them to demonstrate their claims in a relatively objective, quantitative manner. If they have no means of proving a quantitative claim in a relatively objective manner, there is no reason to believe their claims given their track record. To provide an analogy, if somebody you trust to not be malicious asks you to follow them, but they can not justify why, then the smart thing to do is judge them based on their track record as that provides some part of an objective statistical basis for evaluating their prevailing success rate.
If you really must have evidence of a trend of insecurity amongst security companies. Then we can look no further than McAfee, Symantec, and Trend Micro all being breached between 2017-2019 that was attributed to "fxmsp" [1][2], a private Russian hacking group that was selling the contents of the breaches for a few $100k which demonstrates how easy it must have been for it to be profitable at that price point (to be fair they could sell it multiple times, but I doubt they sold it hundreds of times). So, what justification do you have for why FireEye's security should be any different than other companies or even other security companies?
Also, you only provided an answer to the low end of "easy" rather than the high end at 30 engineers for a year or 10 engineers for 3 years which would be needed to pull them out of the "easy" category by my standards. If you do claim they can survive that, can you provide either some reasonably quantitative evidence or public statements to that effect or the same for literally any other company in the world you think can do so as I have not once ever heard of a single company ever justifying such a claim in any verifiable manner. Thank you.
It is hardly a false equivalence. If everybody constantly fails with little to no evidence of any success by anyone ever despite continuous assurances of success by everyone, there is exactly zero evidence that a layperson should trust any statement on that topic without good, solid, objective evidence to the contrary. Given the track record in the industry, there is no reason to give the benefit of the doubt to any company. The burden of proof is on them to demonstrate their claims in a relatively objective, quantitative manner. If they have no means of proving a quantitative claim in a relatively objective manner, there is no reason to believe their claims given their track record. To provide an analogy, if somebody you trust to not be malicious asks you to follow them, but they can not justify why, then the smart thing to do is judge them based on their track record as that provides some part of an objective statistical basis for evaluating their prevailing success rate.
If you really must have evidence of a trend of insecurity amongst security companies. Then we can look no further than McAfee, Symantec, and Trend Micro all being breached between 2017-2019 that was attributed to "fxmsp" [1][2], a private Russian hacking group that was selling the contents of the breaches for a few $100k which demonstrates how easy it must have been for it to be profitable at that price point (to be fair they could sell it multiple times, but I doubt they sold it hundreds of times). So, what justification do you have for why FireEye's security should be any different than other companies or even other security companies?
Also, you only provided an answer to the low end of "easy" rather than the high end at 30 engineers for a year or 10 engineers for 3 years which would be needed to pull them out of the "easy" category by my standards. If you do claim they can survive that, can you provide either some reasonably quantitative evidence or public statements to that effect or the same for literally any other company in the world you think can do so as I have not once ever heard of a single company ever justifying such a claim in any verifiable manner. Thank you.
[1] https://gdpr.report/news/2019/05/15/mcafeesymantec-trend-mic...
[2] https://www.zdnet.com/article/fxmsp-hacker-indicted-by-feds-...