Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/dymaxion/statuses/113865631643957529">Eleanor Saitta (dymaxion@infosec.exchange)'s status on Tuesday, 21-Jan-2025 21:26:29 JST</a><a href="https://infosec.exchange/@dymaxion" title="dymaxion@infosec.exchange"><img src="https://gnusocial.jp/avatar/92115-48-20240110063025.webp" width="48" height="48" alt="Eleanor Saitta" style="position: absolute; left: 0; top: 0;">Eleanor Saitta</a><div><a href="https://provably.online/@ktemkin/113860470368655143" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://provably.online/@ktemkin">@ktemkin</a><br>I think there are two different categories here. System design needs to be evaluated in the context of a threat model, yes (and a lot of what gets called a threat model is at best a colloquial approximation of actual thinking), but basic vulnerabilities, whether that means parser and state machine issues, memory issues, or issues of incorrect implementation of a chosen set cryptographic primitives, all qualify as "done badly" in most cases and insecure in the majority of foreseeable threat models if they're in reachable code.</p><p>"Has an open port connected to the internet" implies a minimum set of things that must be accounted for in a threat model, as is "supports messaging between users".</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4409293#notice-8641173">In conversation</a><time datetime="2025-01-21T21:26:29+09:00" title="Tuesday, 21-Jan-2025 21:26:29 JST">about 4 months ago</time> <span>from <span><a href="https://infosec.exchange/@dymaxion/113865631643957529" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@dymaxion/113865631643957529">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Eleanor Saitta (dymaxion@infosec.exchange)'s status on Tuesday, 21-Jan-2025 21:26:29 JSTEleanor Saitta
in reply to
- Kate Temkin
@ktemkin
I think there are two different categories here. System design needs to be evaluated in the context of a threat model, yes (and a lot of what gets called a threat model is at best a colloquial approximation of actual thinking), but basic vulnerabilities, whether that means parser and state machine issues, memory issues, or issues of incorrect implementation of a chosen set cryptographic primitives, all qualify as "done badly" in most cases and insecure in the majority of foreseeable threat models if they're in reachable code.
"Has an open port connected to the internet" implies a minimum set of things that must be accounted for in a threat model, as is "supports messaging between users".
In conversationabout 4 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice