Even very smart guys like Dave don't understand risk basics. Attack costs, anyone? #ntiacollab https://twitter.com/daveaitel/status/672101231867858944 …
@attritionorg that's a pet peeve of mine that I find extremely annoying. @daveaitel
@SpireSec You can measure vulnerability, and it stays constant. How do you measure threat in a non-bullshit way?
@alexkropivny attacks, or after the fact via change in compromises (vuln constant or lower)
@SpireSec What if attack data follows a Heaviside step function, and we're still at -t?
End of conversation
New conversation
@attritionorg risk was there and can change; q is whether reduction in vuln offsets incr in threat. Almost never does. @daveaitel
@SpireSec @attritionorg @daveaitel also vuln are a moving window, change over time, people assume you closed old ones as baseline
End of conversation
New conversation
@attritionorg @SpireSec @daveaitel Broad brushes don't work here.
@sawaba I don't follow or maybe I just don't think it is that complicated. @attritionorg @daveaitel
@sawaba if looking at change before/after disclosure, impact shouldn't change, just probability. @attritionorg @daveaitel
End of conversation
New conversation
@attritionorg @SpireSec @daveaitel Others result in pwnage within hours or less (if not before public disclosure).
@attritionorg @SpireSec @daveaitel Some 'critical' vulns and disclosures have no real impact beyond media frenzy. Zero.
@attritionorg @SpireSec @daveaitel where it really gets tricky is determining how each impacts the industry.