QOTD - Herzog on Security

If we keep doing what we know doesn't work even "good enough", why keep doing it? It wasn't until we accepted that there are things we can never reliably know that we knew we had better find the limits to that which we did know. So then at least we'd have that going for us. For example we know that we can't reliably determine the impact of a particular vulnerability for everyone in some big database of vulnerabilities because it will always depend on the means of interactions and the functioning controls of the target being attacked.
-- Pete Herzog, managing director of ISECOM

Src: Better Security Through Sacrificing Maidens | InfoSecIsland.com

No comments: