Shostack + Friends Blog Archive


How Much Does A Firewall Reduce Your Risk?

firewall-shirt.jpgIn a recent post, “The Future Belongs To The Quants,” Chris suggests that risk mitigations must be quantifiable. My post “In The Future, Everyone Will Be Audited for 20 Years,” lists what the FTC is requiring for risk mitigation. It seems none of it is quantifiable. Chris?




(Incidentally, I think this iptables shirt may be the single geekiest t-shirt I have ever seen, including the vendor room at probably 10 Defcons. From lilit’s photostream.)

2 comments on "How Much Does A Firewall Reduce Your Risk?"

  • Chris Walsh says:

    I guess that’s the difference between the executive and judicial branches.
    I’ll try to say something on this later.

  • Chris Walsh says:

    Interesting T-shirt.
    For geekiness, I’ve always liked
    /* Your are not expected to understand this */
    but I suspect that few people wearing such a shirt have encountered the actual comment (I certainly haven’t), which detracts substantially from the geek factor.
    Dennis Ritchie has a great page about such things.

Comments are closed.