Orientations

We’ve been talking a lot lately about confirmation bias. It turns out that newspaper endorsements are more influential when they are unexpected. The degree of this influence, however, depends upon the credibility of the endorsement. In this way, endorsements for the Democratic candidate from left-leaning newspapers are less influential than are endorsements from neutral or…

Read More Confirmation Bias and Newspaper Endorsements

In “The product manager’s lament,” Eric Ries writes about his view of product managers: Let’s start with what the product manager does. He’s supposed to be the person who specifies what the product will do. He writes detailed specs which lay out exactly what features the team should build in its next iteration. These specs…

Read More CTOs, Product Management and Program Management

Stephan Bugaj has a fascinating article up, “Steve Kurtz: Tactical Art.” I wanted to tie this to my post “The Discipline of ‘think like an attacker’” Kurtz only briefly mentioned his four year ordeal with the Department of Justice (this is also a good article about it), and only as a single exemplar of his…

Read More Discipline and Art

Security continues to be crippled by a conspiracy of silence. The ongoing costs of not talking about what’s going wrong are absolutely huge, and today, we got insight into just how huge. Richard Clayton and Tyler Moore of Cambridge University have a new paper on phishing, “The consequence of non-cooperation in the fight against phishing.”…

Read More The Costs of Secrecy

In reading Mordaxus’ post “Quantum Crypto Broken Again,” I was struck by his comment: It is a serious flaw because one of the main arguments about quantum cryptography is that because it is “physics” based as opposed to “computer” based, that it is more secure than software cryptography.” Firstly, security is almost always an outcome…

Read More Security is an Empirical and Social Science

John Kelsey had some great things to say a comment on “Think Like An Attacker.” I’ve excerpted some key bits to respond to them here. Perhaps the most important is to get the designer to stop looking for reasons attacks are impossible, and start looking for reasons they’re possible. That’s a pattern I’ve seen over…

Read More The Discipline of "think like an attacker"