Comments on TaoSecurity Blog: Threat Term Used Properly in Government Report
Richard Bejtlich

Anonymous, 2008-01-14 19:30 -05:00

The report did not name "malicious hackers, organized crime, terrorists, and nation states" as threats. It named them as "threat <B>agents</B>." A single threat agent may potentially exploit "one or more vulnerabilities," from which arises one or more threats. You haven't fully defined a threat unless you've defined not only the threat agent but also the vulnerability being exploited and the resulting negative consequence.

"Lightning" is a threat agent, not a threat. From that threat agent may arise several threats (e.g., "lightning exploits the human body's vulnerability to being damaged by electrical current to kill", "lightning exploits a server's vulnerability to a voltage spike to render the server inoperative", etc.)

You're dead on in your criticism of confusing the terms "vulnerability" and "threat." Unfortunately, you misuse the term "threat," yourself.

Anonymous, 2006-11-03 01:24 -05:00

I find inspiration in your blog entry.
<A HREF="http://ryanlrussell.blogspot.com/2006/11/threat-vs-vulnerability.html" REL="nofollow">A tale of bunnies and kitties.</A>