Assumptions: The Deadliest Vulnerability

Once upon a time there was a little girl named Goldilocks. She went for a walk in the forest where she found a peculiar house. She knocked. No one answered so she walked right in. <SPOILER ALERT> She died.

You know the story so I cut to the end. Sorry if I ruined it for you.

Goldilocks and the three bears is the ultimate tale of making bad assumptions from test data. Goldi finds a house and she assumes there are people in there and further assumes they’d be willing to help her. Then she assumes that because there’s no answer it means she should go in.

She then assumes that the people who left their (warm) food still on the table won’t be back soon. Then she assumes it’s okay to not try to fix the chair she breaks, or even leave a note. Then she assumes she can take a nap. And did I mention she never assumed friggin’ bears lived there? You know, with teeth and claws and aggressive instincts and stuff.

Yup, that story is just one bad assumption layer cake.

You know where else assumptions happen but only sometimes end with bears mauling a little girl? Cybersecurity, that’s where. It’s a common problem, and it even happens to the experienced security analyst. Assumptions are the vulnerability you didn’t see coming.

As the most important cybersecurity authority you are presently reading, I can enlighten you a bit on this matter. Assumptions are the things that combine your experiences and gut instinct to lead you to make random decisions. Random because neither your memories of your experiences nor your intrinsic feelings about something are very good decision makers.

You’d have a better chance of making an informed decision by flipping a coin and calling which edge it would ...

This is a Security Bloggers Network syndicated blog post authored by Pete Herzog. Read the original post at: Cylance Blog