Vulnerabilities: Context Matters

Sunday, May 13, 2012

Jack Daniel

B8db824b8b275afb1f4160f03cd3f733

A recurring theme for me lately is explaining the significance of taking things in context. 

When discussing vulnerabilities with people (I do this a lot working at Tenable), some folks don’t intuitively grasp that context is critical in translating a finding into usable and valuable information.

Let’s shift gears, a few weeks ago I was in Texas for BSidesAustin.  While I was there I picked up a couple of bumper stickers, this one’s my favorite:

IMAG0667

(For those who don’t know, that’s a stylized flag of my home state of Texas, and Texas is always trying to secede from something).

What does this have to do with context?  Imagine this bumper sticker on the back of a Cadillac Escalade in Houston, there’s the stereotypical Texan sick of the meddling of the federal government and the liberal hatred of the Second Amendment. 

Now, let’s picture the same sticker on the back of a Toyota Prius in Cambridge, Massachusetts-  the sentiment is more likely “get rid those ignorant hick psycho cowboys who are screwing up America”.  Context matters.

So, back to that vulnerability, opportunity, threat, bug, whatever it is you are contemplating.  You have to ask yourself “Is this on the back of a Houston Escalade, or a Cambridge Prius?”. 

Not literally, of course, and certainly not out loud- people would give you the kind of look I’m used to getting. 

BUT, you do need to assess how the vulnerability is exposed and what mitigations are in place (or possible); how hard the threat may be to execute against your situation; whether there is a graceful failure mode if the opportunity turns out to be inopportune, etc.

Consequences of the action or situation are also part of the context; the world is full of unintended consequences, please limit your contribution to them.

I guess what I’m saying is don’t make decisions in a vacuum, because that would suck.

Cross-posted from Uncommon Sense Security

Possibly Related Articles:
11389
Network->General
Information Security
Enterprise Security Vulnerabilities Best Practices Incident Response Network Security Threats Mitigation Remediation
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.