I previously wrote several posts about the somewhat dire state of the world with regard to information security in vendor and supplier relationships. In particular, I noted the growing trend by vendors to decline material liability for security breaches – even in cases of gross negligence and willful misconduct. I also wrote most recently about how vendors are subcontracting key elements of their services to third party cloud providers and then disclaiming all liability for them. In the past, the vendor would have simply agreed they are responsible for such cloud providers as their subcontractors.