Thursday, December 18, 2008

You Get What You Inspect

There are some great security catch phrases, like "Trust but verify." I found my new favorite in Fresher Cookers, an Economist article about designing stoves for the developing world.

“You don’t get what you expect—you get what you inspect,” says Dr [Kirk] Smith, [an expert on the impact of stove air-pollution on health.]

I think that maxim holds very true for anyone who inspects their enterprise to see how it is really used and abused. That saying holds true at every level -- network, platform, operating system, or application. All of these components are so complicated and ever-changing that you are likely to be surprised every time you stop to look at what's happening.

Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.


Anonymous said...

Nothing new;
"“ What we observe is not nature itself, but nature exposed to our method of questioning.” <--- werner heisenberg.

Steven Andres said...

I think I smell a t-shirt in the works! On sale during TCP/IP Weapons School? :)

inuk-x said...

Ah, but only those practicing NSM really "get" what they inspect!