Final Post on Mortman/Hutton and the Beginning of the End of the Beginning (Hopefully)

by alex on July 29, 2009

The last post on the Mortman/Hutton model today is the most important.  You see, the primary idea (to me) behind the Mortman/Hutton model was never really to come to a strict or broadly accepted model for discussing what factors drive (…)

Read the rest of this entry »

A Black Hat Sneak Preview (Part 2 of ?)

by David Mortman on July 16, 2009

Following up on my previous post, here’s Part 2, “The Factors that Drive Probable Use”. This is the meat of our model. Follow up posts will dig deeper into Parts 1 and 2. At Black Hat we’ll be applying this (…)

Read the rest of this entry »

An Example of Our Previous Graph In Action

by David Mortman on July 13, 2009

I wanted to throw it out here as an example of how you would the model from my earlier post in real life. So let’s take the recently released Internet Explorer security vulnerability and see how it fits. Now this (…)

Read the rest of this entry »

Running from the truth

by adam on July 9, 2009

Robin Hanson has an interesting article, “Desert Errors:” His findings stayed secret until 1947, when he was allowed to publish his pioneering Physiology of Man in the Desert. It went almost entirely unnoticed. In the late 1960s, marathon runners were (…)

Read the rest of this entry »

Business Week on Heartland

by David Mortman on July 9, 2009

Not much to add, but a good article in Business Week on Lessons from the Data Breach at Heartland. Well worth reading…

A Black Hat Sneak Preview (Part 1 of ?)

by David Mortman on July 6, 2009

Alex and I will be on a panel, A Black Hat Vulnerability Risk Assessment, at this year’s Black Hat. We’ll be discussing the need to perform a risk assessment of vulnerabilities as you become aware of them in a deeper (…)

Read the rest of this entry »