About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

11 October 2012

Josh Corman's HD Moore's Law

Since yesterday's keynote by Josh Corman, HD Moore's Law has become some sort of a mantra by the other speakers at the conference.

It's a brilliant argument; instead of focusing on compliance as a minimum baseline, the minimum baseline should be, can you get compromised by default/basic settings of Metasploit? The ease of use of Metasploit and since its widely available, it makes it an easily exploited attack vector. It also aligns to the US RSA Conference talk on metrics that commented that the basic metric of security is "hackability", or how easy is it to hack you.

No comments: