by Spearchucker
4389 days ago
Respectfully (I mean no offence), your comment is typical of one that trivialises security. Information disclosure is one of only six threats (spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege). Threats (individually, or within a threat tree) lead to exploits, which if not mitigated, have consequences. They in turn have an impact. The impact for Yo is not the degree of sensitivity of the data - that's semantic. The real impact is reputational. Trust is easily obtained, but very difficult to regain once lost.

I don't believe you. People still shop at Target, people still use Heartland payment processing systems, people still use Comodo and Verisign as digital certificate authorities. Stratfor still has customers, people still use Firefox, Internet Explorer and Chrome, and so on.
In this thread you ask people to care about security because of the harm it will bring to their reputation, but really you are the only person who considers the security reputation of a company, service, or product before using it. No-one else does. People in the world consider hackers and security problems to be a bit like tornadoes - what could you have done differently to avoid being hit by one?
And really, the track record for making secure software is very bad. Matasano is the premier application security consulting company in the world. Their blog got hacked. Microsoft is the premier software development company in the world, they invest billions comma billions of dollars in the security of their software, from paying internal red teams to giving grants to leading academics for groundbreaking research. Their software still gets hacked.
So what's your secret to making software secure? Is it more quotes from the CISSP handbook?