tag:blogger.com,1999:blog-9079742631670078384.post8214468526457393217..comments2024-03-28T03:19:51.528-07:00Comments on Exploring Possibility Space: What analysis do we really need to guide vulnerability management?Russell Thomashttp://www.blogger.com/profile/06123406032076292954noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-9079742631670078384.post-48626854482789437252014-02-14T12:29:13.885-08:002014-02-14T12:29:13.885-08:00Thanks, Raf, both for this comment and for facilit...Thanks, Raf, both for this comment and for facilitating the debate on your blog and podcast (Twitter, too).<br /><br />The esteemed Alex Hutton dubbed Information Risk Analysis a "proto-science", meaning we as a community haven't worked out the foundations and core principles yet. (Example from history: look at medical science in early-mid 1800s and the conflicts between the physicians, surgeons, and homeopaths.) As typical in a proto-science, there are going to be all sorts of confusions, "dead end" paths, and even "reinventing the wheel" sometimes. But I see this messiness as good, because out of it will evolve a more solid science and practice of quantitative Information Risk, if such a thing is possible -- and I believe it is!Russell Thomashttps://www.blogger.com/profile/06123406032076292954noreply@blogger.comtag:blogger.com,1999:blog-9079742631670078384.post-72513204018067956862014-02-14T12:18:32.140-08:002014-02-14T12:18:32.140-08:00Russell -
I'll readily admit that I'm no...Russell -<br /> I'll readily admit that I'm not a seasoned 'risk scientist' and reading your response I think I was a bit over-zealous on the notion that we can simply discount or exclude the adversaries in these technology decisions. What I do (still) believe is that at the micro level these types of decisions can get too complicated and fail "in the details" - but the value of including adversary *classes* (I think someone else said this too before me) is important on a macro level.<br /><br />Great post, thanks for replying with your nuggets of wisdom and joining the podcast discussion! I'll link back when we post, on Monday hopefully.<br /><br />/RafRafal Loshttps://www.blogger.com/profile/18106347834259269413noreply@blogger.com