Stop Fixing All Security Vulnerabilities, Say B-Sides Security Presenters
PMcGovern writes "At BSidesLV in Las Vegas, Ed Bellis and Data Scientist Michael Roytman gave a talk explaining how security vulnerability statistics should be done: 'Don't fix all security issues. Fix the security issues that matter, based on statistical relevance.' They looked at 23,000,000 live vulnerabilities across 1,000,000 real assets, which belonged to 9,500 clients, to explain their thesis."
Re:A better way to phrase it: (Score:5, Funny)
Everybody knows hackers will just shrug and give up after you fix 90% of your vulnerabilities.
Re:Misleading titles all around (Score:2, Funny)
Their real point is, if you have limited resources, prioritize the vulnerabilities that are (a) currently being exploited and (b) most likely to be exploited given the habits of your favourite boogeyman.
Sounds good! So, everyone who has UNLIMITED resources can ignore this article. It only applies to the VERY SMALL NUMBER of people who have limited resources.
Re:How about (Score:3, Funny)
That's exactly what
Sorry, but maybe you should know by now, this is /., so that's all I had time to read before my self-centered attention span waned and drifted back to myself. Now, since I'm more important than you, I'm going to lecture you on why my opinion is better than yours based on the amount of your post I was able to read before I got bored looking at something that isn't me. First...
Oh, wait, I found something more important. Someone's being WRONG about my favoritest cartoon in the whole wide world evar, so I need to go insult the lesser beings! Bye!
Re:Really? (Score:5, Funny)
Re: erm, no? (Score:5, Funny)
Theoretically, there should be some computer scientists who know how to use English.
Theory and reality are the same, in theory. In reality, however...