[cap-talk] "Immutable Law" #1 is alive and well at Microsoft
Ka-Ping Yee
cap-talk at zesty.ca
Thu Oct 4 19:20:30 EDT 2007
Microsoft's "threat" [1] modelling process made Slashdot a few days ago:
http://it.slashdot.org/article.pl?sid=07/10/01/1556258
Larry Osterman, the author of the cited article series, cites the old
"Immutable Law #1" as a reason to dismiss a category of threats:
http://blogs.msdn.com/larryosterman/archive/2007/09/21/threat-modeling-again-threat-modeling-rules-of-thumb.aspx
Is this a meme worth continuing to fight? And if so, how should we
fight it?
-- ?!ng
[1] "Threat" is in quotation marks because it appears that Larry
actually means "vulnerability." See:
http://taosecurity.blogspot.com/2007/10/someone-please-explain-threats-to.html