Skip to main content

Posts

Showing posts from August, 2012

No good news is as bad as no bad news.

When it comes to security, no news is good news.. but only if you're looking for bad news. Not looking for something and not finding it is a whole world away from just not finding something you're not looking for. That's like saying there you found no hole in the wall because you didn't look. Beware of selective exclusion. That is, listen for something that should have been said but wasn't. The statement sounds ok on it's own until you give it a little push. Then you might just find out is was just a cardboard cut out and not Tom Cruise.
Another way to look at the the quote is this: No bad news is a good news when you are constantly looking for bad news. You failed to find something bad so that itself is good. But you still have to go out looking for it. Eternal Vigilance is the price of security. It is a thankless job and valued far less.