Comments on TaoSecurity Blog: Risk, Threat, and Vulnerability 101
Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)

Anonymous, 2009-02-10T03:31:00.000-05:00:
This comment has been removed by a blog administrator.

Anonymous, 2005-05-06T17:57:00.000-04:00:
LOL! You guys are getting way too serious with this.

vulnerability- being a little guy in prison
threat- lots of big guys hopped up on testosterone
risk- bending over to pick up your soap in the shower

Anonymous, 2005-05-06T14:39:00.000-04:00:
Richard:

Regardless of whether Microsoft, NIST, or CERT/CC use these terms as you do, I think Anonymous was (awkwardly) making a reasonable point.

That point essentially is that information security is an immature discipline that is still forming its own terminology (and taxonomy, for that matter). As the field matures, a certain terminological consensus will undoubtedly form, but for now there remains the potential for different people, each of whom is an acknowledged expert, to disagree. Indeed, some may even be sloppy, or think that others are drawing a distinction without a difference. Reacting harshly to such matters, I would argue, is neither called for nor productive, in my view.

As a final note, as Dan Geer so often points out, information security currently benefits from hybrid vigor, since the most knowledgeable in the field received their formal training in something else.
I personally find it amusing that in discussing potential bad events and what we can do to manage them effectively, we who practice information security have opted to use our own terms for things which the insurance world already has perfectly good words for ("peril", "hazard"). Except for Quarterman's, I don't read any insurance blogs, but I suspect they aren't chiding us for our terminology, although I suppose by one set of criteria they might.

Anonymous, 2005-05-05T21:26:00.000-04:00:
I just wanted to say thank you for properly educating that anon poster.
-LonerVamp