Rapid7 Perspective
Conflicting perspectives on the TLS 1.3 Draft
In the security industry, as in much of life, a problem we often face is that of
balance. We are challenged with finding the balance between an organization's
operational needs and the level of security that can be implemented. In many
situations an acceptable, if less than optimal, solution can be found, but there
are cases where this balance cannot be achieved. I recently saw a case of this
[https://mailarchive.ietf.org/arch/msg/tls/KQIyNhPk8K6jOoe2ScdPZ8E08RE/] on the
mailing list of the IETF
Rapid7 Perspective
If you can't explain it simply, you don't understand it well enough
You may have heard “If you can't explain it simply, you don't understand it well
enough.” This is a quote attributed to Albert Einstein that I immediately
thought of when I read about the newly published risk metrics findings of the
Ponemon Institute study The State of Risk-Based Security Management. Of the
1,320 IT and security professionals surveyed, 59% said that security metrics
information is too technical to be understood by non-technical management.
Really!?
There's not a single thing as