Security Related Quotes

 

• A risk requires a threat and a vulnerability that results in a negative consequence.
• A Threat is an Actor with a Capability and a Motive.
• Casual Attacker power grows at the rate of Metasploit.
• PCI won’t stop a determined attacker, but it will at least stop a casual attacker.
• PCI is better than nothing – it at least raises the bar.
• The organization doesn’t often profit from security investments.
• Attack surface is approaching infinity (which is not a real number).
• ƒRisk Mitigated can be both subjective and objective.
• The Adversary Doesn’t Care About Your ROI/ROSI.
• The problem is that security is so complex that every topic has a huge amount of context associated with.
• Don’t let your project’s definition of security be driven by the signatures in a tool, external compliance requirements, or what happens to be in a particular penetration tester’s or developer’s head.
• There are simply far too many ways to write insecure code.
• We don’t need to fix those vulns; we have a WAF-  ROFL