Should We Focus on Vulnerabilities or Threats?

October 29, 2008

Richard Bejtlich just put up a post about the debate around whether we as security practitioners should focus on vulnerabilities or on threats.

I commented on his post, but thought it worth it to reproduce my thoughts here as well. Here’s what I said: