| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1084260205.3727.221.camel@syd0137.fujitsu.com.au> From: kluge at fujitsu.com.au (Steffen Kluge) Subject: Learn from history? On Tue, 2004-05-11 at 00:50, Michal Zalewski wrote: > > R = E x p > > > > R = Risk > > E = event > > p = probability of the event happening > > If we must toy with bogus marketspeak "equations", shouldn't E - at the > very least - numerically correspond to the consequences (loss?) caused by > an event, rather than being an event itself? Of course. Prevalent risk management standards put "impact" in the place of "event" (which isn't quantifiable anyway). And they don't use an arithmetic product to combine impact and likelihood, but rather a matrix, which is not linear but more close to reality. > Otherwise, my risk R of getting a bar of chocolate from a stranger is > 0.001 * getting_chocolate_bar_from_stranger. Having avoided carbs for quite a while I can't really comment... Cheers Steffen. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040511/dabbfc02/attachment.bin
Powered by blists - more mailing lists