|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Graphing: Don't believe everything you see.
From: Adam Shostack (adam
homeport.org)
Date: Wed Feb 07 2007 - 12:39:26 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Speaking for myself, I think there are much more interesting questions
than looking at correlations between defects and complexity. For
example, we could look at correlations between failures in the real
world and training/education.
The breach notices that Attrition is accumulating
(http://attrition.org/dataloss) give us a set of real wolrd failure
data. That's something we've never really had. Now we can start
mining it and learning things. For example, does the number of CISSPs
employed by an organization correlate with the reports of failures
compared to other similar orgs? Is that correlation positive or
negative? Does "user education" have an effect?
There's a huge amount of data in the attrition data set, and it all
involves real pain that real organizations are feeling as they try to
secure their data. It's worth studying.
Adam
On Wed, Feb 07, 2007 at 02:35:38AM -0500, dangeer.org wrote:
|
| If anyone wants to argue about whether complexity
| and security are negatively correlated, then let's
| get to it.
|
| --dan, resisting burning bandwidth unasked
|
| _______________________________________________
| Dailydave mailing list
| Dailydavelists.immunitysec.com
| http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]