Wednesday, December 21, 2016

When all you have is an attacker mindset everything looks like a vuln

While thinking like an attacker has its benefits, don't lose sight of the bigger picture - preventing incidents. The act of thinking like an attacker should inform the way defense is carried out, not the way attacks are carried out, especially when the asymmetry of attack vs. defense already favours the attacker.

Unfortunately, it seems many people don't appreciate the fact that vuln-centric models of security and incident-centric models of security complement each other.