Worm city: security is in the eye of the beholder
it’s difficult living in the world of security researchers. every other day you get depressed knowing there is always yet another vulnerability, and if someone wants to, they will get you.
it is also difficult living in the world of security management and corporate security, where they try to control their risk and lower their overall vulnerability.
i am somewhere in the middle. twice cursed.
large companies are interesting because all the assets are spread amongst different groups, systems, networks, and physical locations.
so.. combine large companies with large code bases.
what you get is: worm city (or botnet city if you like). swiss cheese.
as vizzini would say: “inconceivable!” [the princess bride (1987)]
this quick post was written quoting parts of a conversation i had with a security researcher friend, known only as “anonymous jaded security something or other”.