25 Apr
2019
25 Apr
'19
7:22 a.m.
On Thu, Apr 25, 2019, 3:06 AM William Herrin <bill@herrin.us> wrote:
Risk is threat times vulnerability times impact. No impact, no risk. For example, if the credentials for my grocery store loyalty card are compromised, I do not actually care. It has no impact.
A fun fact: my employer has a product which basically does brute force protection for web forms. One of, if not the, biggest customers for that product is a grocery store chain, and exactly with their loyalty card portal. Sometimes, the impact or the absence thereof is a matter of perception. -- Töma