However, since security is a sacred value, you're not really encouraged to voice aloud the necessary consequence of this, which is that e.g. there's some level of account takeovers or fraudulent claims or bank robberies which are acceptable losses (to be distributed somehow).
"You're being facetious about bank robberies, Patrick" No I'm not. The direct cost of them is clustered around $8k per, which is less than the minimum buy-in for a lawsuit, which is why Don't Be A Hero is the first thing every bank employee learns at every training about this.
Society distributes the cost of bank robberies thus: To deter potential scalable robberies, there is a bit of private investment in looking secure and some public investment in making "career bank robber" and "career prisoner" effectively synonymous. Losses? Bank pays, the end.
This is why events like the FTC letting Equifax off the hook are so annoying. To make security a priority, the penalties for negligence have to be meaningful. Just looking at it as a technical issue is missing the point.
A restatement of the “security is not a Boolean option” rule from another perspective
This is true of accessibility features too, though I think that is even less acceptable to say out loud right now
The consumer-preference and margin-oriented solution is insurance, when it can be properly designed, packaged, and sold.
And then the insurance provider has a financial incentive to develop and publicize practical, widespread security improvements.