Doing it Differently

“90% of attacks start with phishing!*” “Cyber attacks will cost the world 6 trillion by 2020!” We’ve all seen these sorts of numbers from vendors, and in a sense they’re April Fools’ Day numbers: you’d have to be a fool to believe them. But vendors quote insane numbers because there’s no downside and much upside. We…

Read More Leave Those Numbers for April 1st

Last week, I encouraged you to take a look at the ARM Network Camera Threat Model and Security Analysis, and consider: First, how does it align with the 4-question frame (“what are we working on,” “what can go wrong,” “what are we going to do about it,” and “did we do a good job?”)? Second,…

Read More Threat Model Thursday: ARM’s Network Camera TMSA

[Update: The final article is available at “That Was Close! Reward Reporting of Cybersecurity ‘Near Misses’,” at the Colorado Technology Law Journal.] Last week at Art into Science, I presented “That was Close! Doing Science with Near Misses” (Slides as web page, or download the pptx.) The core idea is that we should borrow from…

Read More Doing Science With Near Misses