From Chris Hoff - in comments on Shurdlu’s Layer 8 blog:
…there is no “thing” (read: silver bullet) that the “market” will go for. There’s lots of silver buckshot
but it’s applied without order or strategy.
So my questions for you, Internet friends:
- What’s that order or strategy worth?
- What if it could be quantifiable (you know, metrics), how much then would it be worth?
- If quantified order or strategy is obtainable but complex, are you willing to accept that cost?
- What if it involves challenging your pre-conceived notions of how the security world works?
I ask because, let’s face it, if this order and strategy exists, it’s not going to be simple, like a mash-up between ALE and a vulnerability assessment. If it were simple, it would feel like it’s been right in front of our noses, but maybe disguised by our own preconceived notions. Note also that this complexity would almost have to be strangely similar to, but substantially different from, what we do now. I would expect changing to be difficult, I would expect it would involve everything we do, and do it in a manner that is, at first, foreign to us. We would, in a phrase, have to count the costs…
I HAVE QUESTIONS, DO YOU HAVE ANSWERS?
So what are your answers? What is order and strategy worth? Would you really be able to change the way you think, the way you work?
October 23, 2007, 7:43am