On Thu, Mar 22, 2007 at 11:00:49AM -0400, Marcus J. Ranum wrote: > Personally I do not think that is possible because of site variances > in security implementation, site variances in targets and their > value, and site variances in practices. You can compute long-term > cigarette-related cancer mortality rates in humans because there is > a large (but dwindling!) sample of tobacco smokers but that works > because cigarette smoking affects all smokers more or less the same > way in large samples. [snip] It's worse than that. Computer security threats evolve quickly. Yesterday's risk probability cannot predict what will get announced at Black Hat tomorrow. To borrow your health care analogy, imagine what health insurance would be like if new superplagues evolved many times per year, had high mortality rates, and attacked specific cross-segments of the population. - Morty _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Fri Mar 23 2007 - 07:20:40 PST