{"id":690,"date":"2011-12-18T19:52:53","date_gmt":"2011-12-19T00:52:53","guid":{"rendered":"http:\/\/rud.is\/b\/?p=690"},"modified":"2011-12-18T21:32:35","modified_gmt":"2011-12-19T02:32:35","slug":"an-open-letter-to-it-vendors-for-2012","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/","title":{"rendered":"An Open Letter to IT Vendors For 2012"},"content":{"rendered":"<p>Dear $VENDOR,<\/p>\n<p>2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. Instead, please take this list back to the development teams, product managers, marketing department and sales team and do your best to be part of the solution this year, not another problem.<\/p>\n<ul>\n<li><b>Do not ship any product with insecure protocols used for administrative\/programmatic access even available in the configuration options<\/b>\n<p>Router\/firewall vendors: remove <code>telnet<\/code> <i>completely<\/i> from the configuration options. All vendors: Only make your web interfaces &#038; APIs available via TLS\/SSL (even if that means shipping with default, self-signed certificates). Where you must leave a choice (e.g. legacy support), present the default configs with only secure options for new installations and slap enough warning dialogs to annoy organizations&#8217; IT workers into Doing The Right Thing&trade;.<\/p>\n<p><\/li>\n<li><b>Default to integrating with centralized identity &amp; access management systems<\/b>\n<p>I understand the need for one &#8220;failsafe&#8221; account to get into the application prior to full integration, but you should be ashamed of yourself if you ship a product that uses local accounts &#038; groups and has no robust means of integrating with SiteMinder, Active Directory, LDAP or other centralized systems. 
Every organization needs to be able to control all access as centrally as possible and you are doing us all a disservice by not providing this functionality.<\/p>\n<p><\/li>\n<li><b>Have multi-factor support for administrative access<\/b>\n<p>Lack of control of admin-level access is one of the top findings in audit reports. There are a multitude of multi-factor authentication systems out there, many at little-to-no-cost. Giving organizations the means to stave off hackers and auditors in one stroke will score you major points, especially at contract re-up time.<\/p>\n<p><\/li>\n<li><b>Provide robust &amp; open reporting out-of-the-box<\/b>\n<p>You all claim to provide good reporting and you all lie. All of you. Capture every action and event and make it easy to get to that data, even if it means providing access to the back-end database (read-only, of course). The ability to tie reporting sources together is one key weapon in our arsenal as we try to defend our organizations from malicious individuals (both internal and external). Giving us the ability to slice &amp; dice what is happening in your systems (using any tool we want) is a crucial component in this defensive strategy.<\/p>\n<p><\/li>\n<li><b>Don&#8217;t use &#8220;cyber&#8221; or &#8220;APT&#8221; in any of your literature this year<\/b>\n<p>I&#8217;ll give you a pass if more than 75% of your revenue comes from the U.S. government as you have to sell your wares to them with those keywords in your proposals or you&#8217;ll never get in the door. But, when selling to the rest of us, forget buzzwords and give us practical solutions to help in ailing areas such as signature-based anti-malware or managing a ton of boxes in a private cloud effectively. 
We don&#8217;t need FUD, we need to be <b>fed<\/b> a healthy diet of cost-effective, easy-to-manage, enterprise-capable wares.<\/p>\n<p><\/li>\n<li><b>Align your licensing structure to fit &#8220;the cloud&#8221;<\/b>\n<p>Many of us are having to become contract, legal and finance experts just to be able to figure out how to make your products cost-effective in public and private clouds. I guarantee you that no matter how inbred you may be within an organization, you will be easily supplanted by the first competitor who makes it easy to transition from your tool and has an easy way to manage licenses in modern dynamic computing environments.<\/p>\n<\/li>\n<\/ul>\n<p>Those are just a few points, but it will be difficult for most of you to tackle even one of them. However, if even one of you does manage to check even one item off that list, you stand to help make Christmas a little more merry and a little more bright this time next year<sup>*<\/sup>.<\/p>\n<p><sup>*<\/sup><small>Apocalypse notwithstanding.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dear $VENDOR, 2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. 
Instead, please take this list back to the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3,6,79],"tags":[545,550,544,393,549,547,546,543,741,548,425,542],"class_list":["post-690","post","type-post","status-publish","format-standard","hentry","category-information-security","category-software","category-vendors","tag-access-management-systems","tag-business-software","tag-finance-experts","tag-firewall-2","tag-information-technology-management","tag-insecure-protocols","tag-local-accounts-amp-groups","tag-multi-factor-authentication-systems","tag-ssl","tag-u-s-government","tag-us-federal-reserve","tag-web-interfaces"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>An Open Letter to IT Vendors For 2012 - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Open Letter to IT Vendors For 2012 - rud.is\" \/>\n<meta property=\"og:description\" content=\"Dear $VENDOR, 2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out 
there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. Instead, please take this list back to the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-12-19T00:52:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2011-12-19T02:32:35+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"An Open Letter to IT Vendors For 2012\",\"datePublished\":\"2011-12-19T00:52:53+00:00\",\"dateModified\":\"2011-12-19T02:32:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\"},\"wordCount\":666,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"keywords\":[\"access management systems\",\"Business software\",\"finance experts\",\"firewall\",\"Information technology management\",\"insecure protocols\",\"local accounts &amp;amp groups\",\"multi-factor authentication systems\",\"SSL\",\"U.S. 
government\",\"US Federal Reserve\",\"web interfaces\"],\"articleSection\":[\"Information Security\",\"Software\",\"Vendors\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\",\"url\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\",\"name\":\"An Open Letter to IT Vendors For 2012 - rud.is\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/#website\"},\"datePublished\":\"2011-12-19T00:52:53+00:00\",\"dateModified\":\"2011-12-19T02:32:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/rud.is\/b\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An Open Letter to IT Vendors For 2012\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/rud.is\/b\/#website\",\"url\":\"https:\/\/rud.is\/b\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. 
All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/rud.is\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\/\/rud.is\"],\"url\":\"https:\/\/rud.is\/b\/author\/hrbrmstr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"An Open Letter to IT Vendors For 2012 - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/","og_locale":"en_US","og_type":"article","og_title":"An Open Letter to IT Vendors For 2012 - rud.is","og_description":"Dear $VENDOR, 2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. Instead, please take this list back to the [&hellip;]","og_url":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/","og_site_name":"rud.is","article_published_time":"2011-12-19T00:52:53+00:00","article_modified_time":"2011-12-19T02:32:35+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"An Open Letter to IT Vendors For 2012","datePublished":"2011-12-19T00:52:53+00:00","dateModified":"2011-12-19T02:32:35+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/"},"wordCount":666,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["access management systems","Business software","finance experts","firewall","Information technology management","insecure protocols","local accounts &amp;amp groups","multi-factor authentication systems","SSL","U.S. government","US Federal Reserve","web interfaces"],"articleSection":["Information Security","Software","Vendors"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/","url":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/","name":"An Open Letter to IT Vendors For 2012 - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-12-19T00:52:53+00:00","dateModified":"2011-12-19T02:32:35+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"An Open Letter to IT Vendors For 2012"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. 
#rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-b8","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":600,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/what-can-we-learn-from-the-lulzsec-senate-gov-hack-dump\/","url_meta":{"origin":690,"position":0},"title":"What Can We Learn From The @lulzsec senate.gov Hack Dump?","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"What can the @lulzsec senate.gov dump tell us about how the admins maintained their system\/site? [code light=\"true\"]SunOS a-ess-wwwi 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise[\/code] means they haven't kept up with OS patches. [-1 patch management] [code light=\"true\"]celerra:\/wwwdata 985G 609G 376G 62% \/net\/celerra\/wwwdata[\/code] tells us they use EMC NAS kit for web\u2026","rel":"","context":"In &quot;Breach&quot;","block_context":{"text":"Breach","link":"https:\/\/rud.is\/b\/category\/breach\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":187,"url":"https:\/\/rud.is\/b\/2011\/02\/23\/herding-firesheep\/","url_meta":{"origin":690,"position":1},"title":"Herding [Fire]sheep","author":"hrbrmstr","date":"2011-02-23","format":false,"excerpt":"By now, many non-IT and non-Security folk have heard of Firesheep, a tool written by @codebutler which allows anyone using Firefox on unprotected networks to capture and hjijack active sessions to popular social media sites (and other web sites). 
The sidebar\/extension puts an attactive and easy-to-understand GUI over a process\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2225,"url":"https:\/\/rud.is\/b\/2013\/03\/03\/security-hobos\/","url_meta":{"origin":690,"position":2},"title":"Security Hobos","author":"hrbrmstr","date":"2013-03-03","format":false,"excerpt":"If you haven't viewed\/read Wendy Nather's (@451Wendy) insightful [Living Below The Security Poverty Line](https:\/\/451research.com\/t1r-insight-living-below-the-security-poverty-line) you really need to do that before continuing (we'll still be here when you get back). Unfortunately, the catalyst for this post came from two recent, real-world events: my returned exposure to the apparent ever-increasing homeless\u2026","rel":"","context":"In &quot;Breach&quot;","block_context":{"text":"Breach","link":"https:\/\/rud.is\/b\/category\/breach\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":146,"url":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/","url_meta":{"origin":690,"position":3},"title":"Securing &#8216;su&#8217; with Google Authenticator","author":"hrbrmstr","date":"2011-02-19","format":false,"excerpt":"Google's new do-it-yourself two-factor authentication (Google Authenticator) enables you to setup stronger logins on your linux system. Nick Wilkens (@nwilkens) has a good\/quick tutorial up on his company's blog for acquiring, compiling and setting up Google Authenticator for ssh sessions. 
NOTE: On the Ubuntu VPS I was doing testing on,\u2026","rel":"","context":"In &quot;Authentication&quot;","block_context":{"text":"Authentication","link":"https:\/\/rud.is\/b\/category\/authentication\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":136,"url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-verification-versus-validation\/","url_meta":{"origin":690,"position":4},"title":"Metricon: Verification versus Validation","author":"hrbrmstr","date":"2011-02-14","format":false,"excerpt":"Speaker:\u00a0Jennifer Bayuk \u00a0 Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: Mainframe physical security (punch cards) cables to terminals network to workstations (some data moves there & on floppies) *spike in misuse & abuse modems and dedicated links to external providers\/partners added midrange\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":568,"url":"https:\/\/rud.is\/b\/2011\/06\/14\/weis-2011-session-1-attacks-the-impact-of-immediate-disclosure-on-attack-diffusion-volume\/","url_meta":{"origin":690,"position":5},"title":"WEIS 2011 :: Session 1 :: Attacks :: The Impact of Immediate Disclosure on Attack Diffusion &#038; Volume","author":"hrbrmstr","date":"2011-06-14","format":false,"excerpt":"Sam Ransbotham Sabayasachi Mitra Presentation [PDF] Twitter transcript #weis2011 Does immediate disclosure of vulns affect exploitation attempts? 
Looking at impact on risk\/diffusion\/volume #weis2011 speaker is presenting standard attack process & security processes timelines (slides will be in the blog post) #weis2011 the fundamental question is when from the vulnerability discovery\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=690"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/690\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}