Being an expert in Computer Security is being an expert in Computer Science. Too many "best practices" are misconceptions because the deep Computer Science foundation is absent.
Sounds like you'd really appreciate -- this much of the conference meta summed up nicely.
What's an example best practice caused by deep comp-sci foundation being absent? I am trying to understand better what counts as foundation in this statement (it is an overloaded word).
AV is one example. Organizations mandate it even though it detects only known threats, is easily bypassable, increases the attack surface, and most AV products contain exploitable vulnerabilities.


