1. What was the impact of the intrusion in terms of direct costs to Sony?
2. What was the impact in terms of customers’ data breached and exposed?
3. How did Sony respond, technically, to secure the PlayStation Network?
4. Who was the attacker and what was the vector (this may be difficult to confirm; do your best!)?
5. What is PCI Compliance and was Sony in compliance? If not, are they liable?
6. Does Sony have an obligation to share any evidence about the attack on their proprietary network? Or are they better served to not share? What is the advantage or disadvantage of each position; i.e., share or not share?
7. What are the advantages/disadvantages of open source versus proprietary software in terms of vulnerability to an attack?