On 8/04/2014 18:12 pm, Jonathan Thornburg wrote:
> On Tue, Apr 08, 2014 at 11:46:49AM +0100, ianG wrote:
>> While everyone's madly rushing around to fix their bits&bobs, I'd
>> encourage you all to be alert to any evidence of *damages* either
>> anecdotally or more firm.  By damages, I mean (a) rework needed to
>> secure, and (b) actual breach into sites and theft of secrets, etc,
>> leading to (c) theft of property/money/value etc.
>>
> [[...]]
>>
>> E.g., if we cannot show any damages from this breach, it isn't worth
>> spending a penny on it to fix!
> 
> This analysis appears to say that it's not worth spending money to
> fix a hole (bug) unless either money has already been spent or damages
> have *already* occurred.  This ignores possible or probable (or even
> certain!) *future* damages if no rework has yet happened.
> 
> This seems like a flawed risk analysis to me.


Indeed.  And you should also include insider theft, machine melt-down,
seizure by authorities, power loss, spammers taking over the server, etc
etc.

The point being that we concentrate on a particular group of ills
*because we can* and we ignore other ills /because we don't understand
them/.  The end result is often that we waste our money; we would be
better off balancing the risk analysis to include and learn other
important risks.

How do we tell what's important or not?  With historical facts.

Or with theory.  But all theory tells us about the unknown is how good
people are at presenting FUD.  It takes experiments to turn it into science.


> In particular, this analysis could be used to argue against spending any
> money trying to reduce risk or damages from rare events which haven't
> happened yet.  For example, as of January 1, 2011 (= 69 days before the
> Fukushima Daiichi disaster), this analysis would have said that since no
> nuclear reactor in the world has ever been damaged by a tsunami (a true
> statement on that date), it isn't worth spending any money trying to
> secure nuclear reactors against tsunami damage.


Ah, that is where framing the question is needed.  I would have asked
the question, what is the frequency and size of tsunamis?  This is a
question for which we have *a lot of data*.

And how likely is a big one to damage the reactor?  Well, we have a lot
of data on how likely is a big one to damage big buildings.  So some
educated guesses can be made.

And indeed, the water defences at Fukushima were rated for a lesser
sized tsunami, so someone asked the question, and fell on the wrong side
of history.



iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
