We explicitly blame the
designer:systems are deployed
in the real world, not a lab.Ease of administration matters.Why Johnny canŐt encrypt.Your grandmother has to remove spyware.
Why do we hypothesize,
test and repeat?
Survivability time, not
survivability average:Variance
matters.Mean & median
matter