Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

From: Bruce B. Platt (
Date: 09/01/04

  • Next message: Crispin Cowan: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
    To: Tina Bird <>
    Date: Wed, 01 Sep 2004 17:22:06 -0400

    Tina Bird wrote:

    > It's not science, but I'm not sure that matters. What I'm hearing is:
    > - "people" are curious about "other people's" attitudes toward security
    > (where "people" and "other people" are deliberately vaguely defined)
    > - "people" think that asking questions and collecting answers is a good
    > way
    > to collect information about the question
    > --> so it comes down to, what is the question we're investigating, and
    > do we
    > agree that collecting the answers to the question from a self-selected
    > (and
    > difficult to externally validate) set of respondents is a good way to
    > investigate? It's not science, although it shows glimmers of being
    > rational
    > :-)
    > Although I think I am with Marcus on this one -- after all, is asking
    > one's
    > partner "Do you love me?" a good way to answer the question? Or do you
    > get
    > more reliable data by collecting it in other ways? All of the data you
    > collect is interesting, but it is more or less useful, depending...
    I left a long passage from your post so I can point out that a respected
    method of research is in the use of "unobtrusive measures". One
    measures the popularity of a museum exhibit not by counting the people
    who walk in to stand in front of it, but rather by measuring the wear in
    the floor (or floor covering) caused by the visitors and then measuring
    that against a known scale of wear tendencies.

    Researchers adopted these sorts of measures from a knowledge that
    measuring can influence that which is being measured.

    How appropriate for this thread. Who wants to admit in a survey that
    they aren't doing what is needed to stay secure?

    Referring to your blaster comments, why don't we just start plotting
    reverse lookups of probes from infected outward-facing machines, or
    spewers of virus laden mail and then use that data to create a db of
    "insecure" organizations. (ad hoc definition of an insecure organization.)

    Take that, then survey executives from those firms and other firms with
    small numbers of outward-directed probes or virus transmissions. There
    is an operational definition of insecurity stated above which can be
    compared to survey results. Perhaps this gets around the self-selected
    issue as well as some others.

    firewall-wizards mailing list

  • Next message: Crispin Cowan: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"

    Relevant Pages

    • Re: Datums & Geoids
      ... (even survey astro fixes are only good to a few hundred metres - from ... with respect to the local horizon - that is, you are measuring the ... position as the datum for the survey network built on it. ...
    • Re: How big are surveyor pegs
      ... I went to city hall and obtained a copy of the survey plot they had on ... I had a neighbor that said his house was ... measuring from their houses to the line came to the same place. ...
    • Re: The accuracy of passenger forecasts for reopening line investment cases.
      ... purpose of the survey is. ... They will say what the subject of the survey is but not what metrics they are measuring. ...