Dailydave mailing list archives

Re: Graphing: Don't believe everything you see.


From: Adam Shostack <adam () homeport org>
Date: Wed, 7 Feb 2007 13:39:26 -0500

Speaking for myself, I think there are much more interesting questions
than looking at correlations between defects and complexity.  For
example, we could look at correlations between failures in the real
world and training/education.

The breach notices that Attrition is accumulating
(http://attrition.org/dataloss) give us a set of real world failure
data.  That's something we've never really had.  Now we can start
mining it and learning things.  For example, does the number of CISSPs
employed by an organization correlate with the reports of failures
compared to other similar orgs?  Is that correlation positive or
negative?  Does "user education" have an effect?

There's a huge amount of data in the attrition data set, and it all
involves real pain that real organizations are feeling as they try to
secure their data.  It's worth studying.

Adam

On Wed, Feb 07, 2007 at 02:35:38AM -0500, dan () geer org wrote:
| 
| If anyone wants to argue about whether complexity 
| and security are negatively correlated, then let's
| get to it.
| 
| --dan, resisting burning bandwidth unasked
| 
| _______________________________________________
| Dailydave mailing list
| Dailydave () lists immunitysec com
| http://lists.immunitysec.com/mailman/listinfo/dailydave