Our understanding of vulnerabilities and their impact on a *population* or systems is super immature, especially when it comes to operational technology that is 1) mission critical but also then 2) slow to change. (1/2) https://twitter.com/kennwhite/status/1217838723343273984 …
I liken this to the flu or other health issues. We don’t (or shouldn’t) blame people for being sick but are always looking to blame people who run vulnerable systems. We should think of these as *populations* governed, at scale, with statistics. 2/2
-
-
Unfortunately we don’t understand these statistics well. Last year I sponsored a DARPA Young Faculty Award on quantifying vulnerability longevity, but the truth is we need much more study. (Cyber ITL is also doing important related work in this space I think) 3/2
-
-
-
What about people who deliberately choose not to vaccinate and then get sick, infecting others? We can and do blame them for the loss of herd immunity.
-
So I’ll admit the analogy only goes so far. But even then, I’d argue that we’d still be thinking of things as a population-scale, versus individual, issue.
-
-
We blame people for poor health decisions and bad hygiene, but not for getting sick. People who don't get vaccinated or who don't wash their hands are issues whether or not they get infected. People who are vaccinated and practice good hygiene then get sick aren't blameworthy.
-
The question is what level of digital / cybersecurity hygiene is considered too little, and context. Not patching vulnerabilities until 3 days after release is not ideal for anyone, but for banks or security firms it is unacceptable.