Re: BGP Experiment

[Töma Gavrichenkov <ximaera () gmail com>]

On Wed, Jan 9, 2019 at 10:33 PM Owen DeLong <owen () delong com> wrote:
> At the end of the day, this is really about risk analysis
> and it helps to put things into 1 of 4 risk quadrants
> based on two axes… Axis 1 is the likelihood of the
> vulnerability being exploited, while axis 2 is the
> severity of the cost/consequences of exploitation.
>
> Obviously something that scores high on both axes
> will have me rolling out the upgrades as rapidly as
> possible, likely within 24 hours to at least the
> majority of the network.

Good for you (not kidding).  Not quite the same on average, as far as I can see.

> The other two quadrants are a grey area that
> becomes more of a judgment call where other
> factors specific to each operator and their
> customer profile will come into play.
> Some operators may have a high tolerance
> for high-probability low-cost problem, while
> others may find this very urgent, for example.

I agree with you; however, it's the other quadrant (high cost,
seemingly low probability) which is a real gray area IMO which allows
for collateral damage at a Hollywood blockbuster scale.

--
Töma