{"id":125,"date":"2011-02-14T13:26:29","date_gmt":"2011-02-14T18:26:29","guid":{"rendered":"http:\/\/rud.is\/b\/?p=125"},"modified":"2011-02-14T13:26:47","modified_gmt":"2011-02-14T18:26:47","slug":"metricon-critical-consumption-of-infosec-statistics","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/","title":{"rendered":"Metricon: Critical Consumption Of Infosec Statistics"},"content":{"rendered":"<p>Speaker: Chris Eng \/ Veracode<\/p>\n<p>Every major infosec company publishes quarterly\/yearly summary reports. Some based on survey, some based on real captured data.<\/p>\n<p><strong>Recognizing the Narrative<\/strong><\/p>\n<p>Every fancy looking infosec metrics report is a marketing vehicle; each has different perspectives; no consistency, but you can figure out the framing by looking at the exec summary or ToC; other times it may require real digging. Need to understand &#8220;what they are selling&#8221;. The text in the report is there to back up the narrative.<\/p>\n<p>\u00a0<\/p>\n<p><em>Veracode Report Narrative<\/em><\/p>\n<ul>\n<li>More than 0.5 of all software failed to achieve acceptable level of security<\/li>\n<li>3rd party apps had lowest security quality<\/li>\n<li>No single method of testing is accurate<\/li>\n<\/ul>\n<p>(goal: use Veracode to analyze third party apps :-)<\/p>\n<p>\u00a0<\/p>\n<p><em>Trustwave Report Narrative<\/em><\/p>\n<ul>\n<li>2010 incident response investigations<\/li>\n<li>attack vector evolution<\/li>\n<li>11 strategis initiatives for 2011<\/li>\n<\/ul>\n<p><em>(goal: &#8220;we can help&#8230;we are good at this stuff&#8221;)<\/em><\/p>\n<p><em><br \/><\/em><\/p>\n<p><em>WhiteHat Report<\/em><\/p>\n<ul>\n<li>Which web programming languages are most secure<\/li>\n<\/ul>\n<p>(differs in goal from previous WH reports)<\/p>\n<p>\u00a0<\/p>\n<p>Bottom line: try to understand the <strong>framing<\/strong> &amp;\u00a0<strong>goal<\/strong> when reviewing the narrative<\/p>\n<p>\u00a0<\/p>\n<p><strong>Using Stats Responsibly<\/strong><\/p>\n<p>Sample distribution review\/discussion<\/p>\n<p>normal distribution curves can still vary, but overall shape remains the same (std deviations, &amp; avg)<\/p>\n<p>bimodal distribution (two peaks)&#8230;may miss if you report only on averages<\/p>\n<p>[game: Guess the Report Jeopardy! used primarily to show the pervasiveness of the use of averages]<\/p>\n<p>[side-talk: discussion about different distributions by different sources]<\/p>\n<p>\u00a0<\/p>\n<p>(\/me: this is very interesting)<\/p>\n<p>Would a table of # of flaws per 1K lines of code per language be enough?<\/p>\n<p>Would adding 1st quartike, median and 3rd quartile provide more insight?<\/p>\n<p>Will this help understand the anomalies? Will it help prioritize?<\/p>\n<p>How do we ensure normalized data for comparison?<\/p>\n<p>[side-talk: what&#8217;s a &#8220;line of code&#8221;&#8230;same problem in app bug analysis]<\/p>\n<p>[side-talk: Truth in stats: &#8220;What&#8217;s the question? What matters?&#8221;]<\/p>\n<p>Can you overdo it? Yes.<\/p>\n<p>\u00a0<\/p>\n<p>[game: continued]<\/p>\n<p>Power analysis can be use to determine the statisticaly significant sample size required to ensure the prob of error is acceptable.<\/p>\n<p>Should you really include non-statistically significant data? <em>&#8220;To asterisk or not to asterisk?&#8221;<\/em><\/p>\n<p>It&#8217;s hard to un-see something after you see it (\/me: good point)<\/p>\n<p>[side-talk: show cell counts as well as %-ages; don&#8217;t use a bar chart when a crosstab is more useful]<\/p>\n<p>[side-talk: we should follow guidance from social services in terms of how to present data for action]<\/p>\n<p>\u00a0<\/p>\n<p><strong>Storytelling Via Omission<\/strong><\/p>\n<p>[side-talk: no report provided raw data]<\/p>\n<p>What unwanted assumptions might result if the &#8220;wrong&#8221; data is included?<\/p>\n<p>\u00a0<\/p>\n<p>We need to provide access to raw data even though the majority of the population of consumers don&#8217;t want it.<\/p>\n<p>Veracode will open up analytics platform to security researches :: vercode.com\/analytics<\/p>\n<p>[side-talk: Every company that publishes a report needs to publish name and contact info of their stats person who will backup the processed &amp; data used]<\/p>\n<p>[side-talk: is &#8220;truth&#8221; really what infosec companies really want to promote in their reports? @alexhutton: isn&#8217;t that <a rel=\"tag\" class=\"hashtag u-tag u-category\" href=\"https:\/\/rud.is\/b\/tag\/rsac\/\">#RSAC<\/a>?]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Speaker: Chris Eng \/ Veracode Every major infosec company publishes quarterly\/yearly summary reports. Some based on survey, some based on real captured data. Recognizing the Narrative Every fancy looking infosec metrics report is a marketing vehicle; each has different perspectives; no consistency, but you can figure out the framing by looking at the exec summary [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3,47,4],"tags":[206,209,205,207,210,208],"class_list":["post-125","post","type-post","status-publish","format-standard","hentry","category-information-security","category-metrics","category-risk","tag-chris-eng","tag-data-analysis","tag-social-services","tag-speaker","tag-standard-deviation","tag-summary-statistics"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Metricon: Critical Consumption Of Infosec Statistics - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Metricon: Critical Consumption Of Infosec Statistics - rud.is\" \/>\n<meta property=\"og:description\" content=\"Speaker: Chris Eng \/ Veracode Every major infosec company publishes quarterly\/yearly summary reports. Some based on survey, some based on real captured data. Recognizing the Narrative Every fancy looking infosec metrics report is a marketing vehicle; each has different perspectives; no consistency, but you can figure out the framing by looking at the exec summary [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-02-14T18:26:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2011-02-14T18:26:47+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Metricon: Critical Consumption Of Infosec Statistics\",\"datePublished\":\"2011-02-14T18:26:29+00:00\",\"dateModified\":\"2011-02-14T18:26:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/\"},\"wordCount\":498,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"keywords\":[\"Chris Eng\",\"Data analysis\",\"social services\",\"Speaker\",\"Standard deviation\",\"Summary statistics\"],\"articleSection\":[\"Information Security\",\"Metrics\",\"Risk\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/\",\"name\":\"Metricon: Critical Consumption Of Infosec Statistics - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"datePublished\":\"2011-02-14T18:26:29+00:00\",\"dateModified\":\"2011-02-14T18:26:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/02\\\/14\\\/metricon-critical-consumption-of-infosec-statistics\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Metricon: Critical Consumption Of Infosec Statistics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Metricon: Critical Consumption Of Infosec Statistics - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/","og_locale":"en_US","og_type":"article","og_title":"Metricon: Critical Consumption Of Infosec Statistics - rud.is","og_description":"Speaker: Chris Eng \/ Veracode Every major infosec company publishes quarterly\/yearly summary reports. Some based on survey, some based on real captured data. Recognizing the Narrative Every fancy looking infosec metrics report is a marketing vehicle; each has different perspectives; no consistency, but you can figure out the framing by looking at the exec summary [&hellip;]","og_url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/","og_site_name":"rud.is","article_published_time":"2011-02-14T18:26:29+00:00","article_modified_time":"2011-02-14T18:26:47+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Metricon: Critical Consumption Of Infosec Statistics","datePublished":"2011-02-14T18:26:29+00:00","dateModified":"2011-02-14T18:26:47+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/"},"wordCount":498,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["Chris Eng","Data analysis","social services","Speaker","Standard deviation","Summary statistics"],"articleSection":["Information Security","Metrics","Risk"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/","url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/","name":"Metricon: Critical Consumption Of Infosec Statistics - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-02-14T18:26:29+00:00","dateModified":"2011-02-14T18:26:47+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-critical-consumption-of-infosec-statistics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Metricon: Critical Consumption Of Infosec Statistics"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-21","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":131,"url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-software-securitys-futures-plural\/","url_meta":{"origin":125,"position":0},"title":"Metricon: Software Security&#8217;s Futures Plural","author":"hrbrmstr","date":"2011-02-14","format":false,"excerpt":"UPDATE - 2011-02-26: Alphonso has posted his slides and BeeWise is open! Speaker: Alfonso\u00a0De Gregorio How do we build a future in software security? \u00a0 \/me: the slides that will be posted have a ton of detail that Alfonso sped through. you'll get a very good feel from them \u00a0\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1213,"url":"https:\/\/rud.is\/b\/2012\/06\/07\/slopegraphs-in-python-log-scales-spam-data-analysis\/","url_meta":{"origin":125,"position":1},"title":"Slopegraphs in Python \u2013 Log Scales &#038; Spam Data Analysis","author":"hrbrmstr","date":"2012-06-07","format":false,"excerpt":"Given the focus on actual development of the PySlopegraph tool in most of the blog posts of late, folks may be wondering why an infosec\/inforisk guy is obsessing so much on a tool and not talking security. Besides the fixation on filling a void and promoting an underused visualization tool,\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":391,"url":"https:\/\/rud.is\/b\/2011\/03\/19\/crossroad-of-erm-and-the-parallels-to-irm\/","url_meta":{"origin":125,"position":2},"title":"Crossroad of ERM and the Parallels to IRM","author":"hrbrmstr","date":"2011-03-19","format":false,"excerpt":"Had to modify the latimes URL in the post due to a notice from Wordfence\/Google I was reviewing the - er - highlights? - from the ninth ERM Symposium in Chicago over at Riskviews this morning and was intrigued by some of the parallels to the current situation in enterprise\u2026","rel":"","context":"In &quot;Compliance&quot;","block_context":{"text":"Compliance","link":"https:\/\/rud.is\/b\/category\/compliance\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":127,"url":"https:\/\/rud.is\/b\/2011\/02\/14\/metricon-automated-incident-reporting\/","url_meta":{"origin":125,"position":3},"title":"Metricon: Automated Incident Reporting","author":"hrbrmstr","date":"2011-02-14","format":false,"excerpt":"Speaker: Juhaniu Eronen \"The Autoreporter Project\" - Background Goal: make finland mostly harmless to the rest of the internet (that's actually in the law - Protection of Privacy in Electronic Comms\/Finland) \u00a0 \/me: I'll need to put some verbiage around this tonight to give you a good picture of what\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":286,"url":"https:\/\/rud.is\/b\/2011\/03\/05\/micropwns-risk-microprobabilities-for-infosec\/","url_meta":{"origin":125,"position":4},"title":"Micropwns :: Risk Microprobabilities for Infosec?","author":"hrbrmstr","date":"2011-03-05","format":false,"excerpt":"NOTE: This is a re-post from a topic I started on the SecurityMetrics & SIRA mailing lists. Wanted to broaden the discussion to anyone not on those (and, why aren't you on them?) I had not heard the term micromort prior to listening to David Spiegelhalter's Do Lecture and the\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2329,"url":"https:\/\/rud.is\/b\/2013\/03\/14\/%cf%80-awareness-datavis-vast-2013-moar-data-greader-machinations\/","url_meta":{"origin":125,"position":5},"title":"\u03c0, Awareness, DataVis, VAST 2013, Moar data! &#038; GReader Machinations","author":"hrbrmstr","date":"2013-03-14","format":false,"excerpt":"Far too many interesting bits to spam on Twitter individually but each is worth getting the word out on: - It's [\u03c0 Day](https:\/\/www.google.com\/search?q=pi+day)* - Unless you're living in a hole, you probably know that [Google Reader is on a death march](http:\/\/www.bbc.co.uk\/news\/technology-21785378). I'm really liking self-hosting [Tiny Tiny RSS](https:\/\/www.google.com\/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDEQFjAA&url=https%3A%2F%2Fgithub.com%2Fgothfox%2FTiny-Tiny-RSS&ei=YtlBUfOLJvLe4AOHtoDIAQ&usg=AFQjCNGwtEr8slx-i0vNzhQi4b4evRVXFA&bvm=bv.43287494,d.dmg) so far,\u2026","rel":"","context":"In &quot;Cybersecurity&quot;","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=125"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/125\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}