On Tue, 11 Jun 2013 22:55:12 -0400, <Valdis.Kletnieks@vt.edu> wrote:
Do you have any actual evidence that a .edu of (say) 2K employees is statistically *measurably* less secure than a .com of 2K employees?
We're sorta lookin' at one now. :-) But seriously, how do you measure one's security? The scope is constantly changing. While there are companies one can pay to do this, those reports are *very* rarely published. And I've not heard of a single edu performing such an audit. The only statistics we have to run with are of *known* breaches. And that's a very bad metric as a company with no security at all that's had no (reported) intrusions appears to have very good security, while a company with extensive security looks very bad after a few breaches. One has noone sniffing around at all, while the other has teams going at it with pick-axes. One likely has noone in charge of security, while the other has an entire security department.