This piece discusses the idea in detail, explains why this is the case, concludes that the “shift left” movement is not going to work, and shares a vision for the future.
People are the cybersecurity vulnerability whether it's coding, configuration, or behavior, and we spend all our time trying to patch our way out of it with software updates or new tech. Too bad we can't patch people's behavior.
Ross,
Great post. I find most folks have heard of MITRE ATT&CK, but haven't heard of MITRE CAPEC.
https://capec.mitre.org/about/attack_comparison.html
If you are focusing on application security risks then you should look at CAPEC. If you are looking at network defense then look at MITRE ATT&CK.
I had no idea it exists myself - thanks Ross!