[fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

• Previous message: lists_at_notatla.org.uk: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• In reply to: Marcus J. Ranum: "[fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Next in thread: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: lists_at_notatla.org.uk: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: Stailey, Mike: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: Don Parker: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: Stailey, Mike: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Marcus J. Ranum" <mjr@ranum.com>
Date: Wed, 1 Sep 2004 16:16:38 -0400 (EDT)

On Wed, 1 Sep 2004, Marcus J. Ranum wrote:

> Paul D. Robertson wrote:
> >I've often used the results of non-randomized, non-blinded surveys to
> >approximate my risk. It's often worked well. Just because it can go
> >wrong doesn't mean it has to.
>
> People used the theory that Earth was in the center of the solar
> system for thousands of years. It often worked well. Just because
> it was wrong didn't really matter a whole lot, either, until they
> started trying to use that theory for actual problem-solving
> instead of just painting cool stuff on temple walls.

Ah, let's take this a step further.

When people thought the earth was flat, they drew maps based upon that
thought. What I'm saying is that those maps were _useful_ for finding
one's way around- even though they weren't as accurate or correct as they
could have been- and they were less accurate for long trips than they
were for short ones.

We're in a space where getting good incident data say from the financial
sector just isn't going to happen. Rather than throwing up my hands and
waiting for good data, I'll deal with what I can get, and find it useful.

> When "doing it right" is just a small amount harder than "doing
> it wrong" the excuse "I like doing it wrong" is really, really weak.

Absolutely! But when it comes between doing it not at all, or doing it
poorly, doing it poorly can be useful.

I'm not saying "Let's base everything we can on surveys!" I'm saying that
survey data can be useful, and you can improve the usefulness of that data
by throwing out the obviously bad data (ooutliers) and by checking against
the data you do have.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: lists_at_notatla.org.uk: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• In reply to: Marcus J. Ranum: "[fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Next in thread: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: lists_at_notatla.org.uk: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: Stailey, Mike: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: Don Parker: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Maybe reply: Stailey, Mike: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]