Thursday, August 30, 2012

Security Related Quotes


  • A risk requires a threat and a vulnerability that results in a negative consequence.
  • A Threat is an Actor with a Capability and a Motive.
  • Casual Attacker power grows at the rate of Metasploit.
  • PCI won’t stop a determined attacker, but it will at least stop a casual attacker.
  • PCI is better than nothing – it at least raises the bar.
  • The organization doesn’t often profit from security investments.
  • Attack surface is approaching infinity (which is not a real number).
  • ƒRisk Mitigated can be both subjective and objective.
  • The Adversary Doesn’t Care About Your ROI/ROSI.
  • The problem is that security is so complex that every topic has a huge amount of context associated with.
  • Don’t let your project’s definition of security be driven by the signatures in a tool, external compliance requirements, or what happens to be in a particular penetration tester’s or developer’s head.
  • There are simply far too many ways to write insecure code.
  • We don’t need to fix those vulns; we have a WAF-  ROFL

No comments:

Post a Comment