“…What I want is to predict the future. I want it for reasons that are no doubt emotionally clear, but I also want it because of my own definition of security: The absence of unmitigatable surprise. As always in cybersecurity, we are now talking tradeoffs. One of those is in deciding how many failures is the right number of failures. It can't be unbounded; that's obvious. It can't be zero, either, as zero quite likely means that you are overspending and, in any case, learning from failure is especially crisp; as Francis Bacon said "Truth emerges more readily from error than from confusion."
Dan Geer, an INFOSEC practitioners, practitioner.
No comments:
Post a Comment