Sombody needs that right into their face. Sometime repeatedly.
threat actor = someone who wants to punch you in the face
from the tweet
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
acceptable risk = your willingness to be punched in the face
risk management = your ability to see the punch coming
Also, Ricki Burke made the original Authors Casey Ellis tweet into T-Shirts:
Until recently, notepad.exe was considered safe in terms of security vulnerability, mostly for its lack of features and therefore lack of attack surface. Until Vulnerability researcher at Google, Tavis Ormandy, took a closer look and popped a shell from notepad.exe.
Awesome.
This a bit old already, but came to my attention only today. Every Product Manager, Designer and Front End Engineer should read and repeat this every day. Every corporate marketing guy should print and frame this and have it hanging somewhere in sight from his desk.
The older I get, the more I realize the biggest problem to solve in tech is to get people to stop making things harder than they have to be.
— chad fowler (@chadfowler) September 23, 2015