RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

From: Tina Bird (tbird_at_precision-guesswork.com)
Date: 09/01/04

  • Next message: Bruce B. Platt: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
    To: "Bruce B. Platt" <bruce@ei3.com>, "Marcus J. Ranum" <mjr@ranum.com>
    Date: Wed, 1 Sep 2004 13:35:06 -0700
    
    

    > Whatever you do is only as good as your starting hypothesis, the
    > operational definitions which you create, and your experimental
    > techniques.
    >
    My experience is marginally similar to Bruce's, in that prior to becoming a
    computer security architect, I was an observational astrophysicist. My Ph.D
    is on hypothesis testing and the use of statistics to study the
    gravitational evolution of clusters of galaxies.

    There are a lot of different, orthogonal bits of the current discussion:

    1) Did anyone claim that surveys about security are "science"? In
    particular, is there a hypothesis being tested? If there is a stated
    hypothesis, is a survey the best way to test it? If it's not testable -- or
    more strongly, if it can't be disproved -- it's not science.
    2) What is the purpose of the survey author?
    3) What do we hope to learn from surveys about security?
    4) How do we want to use surveys about security?

    When I'm in a particularly rebellious mood, I like to argue about the entire
    >existence< of the discipline of >>computer science<< -- what are the
    underlying theories and how do you test them? Little of what I >>do<< now
    has anything to do with science, although a lot of the skills I use day to
    day are similar to things I did for my research job.

    I don't think that surveys are designed to be observations that test a
    theory.

    cheers -- tbird

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Bruce B. Platt: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"

    Relevant Pages

    • Re: [fw-wiz] VPN endpoints
      ... >In the information security case, this is generally numbers pulled out ... or the CIO magazine survey on security) - a lot of these surveys are ... When you do a poll, ... Anyhow, I know Devdas' posting did not officially invite this rant, ...
      (Firewall-Wizards)
    • Re: USASR2014: While reviewing the reseach at the University, number of offences unravelled as commi
      ... University disregards that science researcvh is conducted under the Professor at the University. ... Some lead Uni provide teh experience of presenting the reseach properly within that course and call it praudly 'Students research conference' and that was yeasterday. ... BLOCKING THE PUBLIC INFORMATION (UNDRS SANCTION BY THE SECURITY OFFICERS AS A RULE NOW) ...
      (soc.culture.usa)
    • Reports of interest:
      ... Basic Research and National Security. ... Security Controls on the Access of Foreign Scientists and Engineers to ... Center for Strategic & International Studies. ... Foreign Science Students and Scholars, ...
      (sci.research)
    • shorcut communication ESPECIALLY FOR ARMY COMMAND AND THE SECURITY
      ... SATELLITE TAHTSAY THAT SI ARMY THAT BELIEVE S TAHT ENTIRE FGLKOBAL ... understand what i say about metatheory of the science. ... All security policy for me and the First Virtual univ ersity taht i ...
      (soc.culture.usa)
    • Re: Botulism
      ... -- Barack Obama. ... Science_ today. ... security - we will turn ourselves into a second-rate nation. ...
      (alt.usage.english)