« A Cloud Risk That Is Different In Kind | Main | Enterprise API Management for Mobile Part 2 - Don't Trust. And Verify »

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c75869e201901c480ab4970b

Listed below are links to weblogs that reference Limitations of Statistics on Measuring Risk :

Comments

David Mortman

That's (as is usual for Taleb as far as I can tell) is hardly a reasonable comparison to how statistics is used by many practitioners.

All else aside Taleb doesn't know anything about raising turkeys for slaughter. 1) Turkeys are generally only 100-125 days old when they are slaughtered. Even heritage turkeys which take longer to raise are butchered at in the 180 day range. 2) Butchers don't generally raise or feed turkeys, that's done by the farmer.

gunnar

My takeaway is that, like trying to learn from data breaches, we can learn some things about what not to do, but as for what to do - that does not yield to statistical analysis

David Mortman

Well we can also learn (for effected industries of course) where there has been potentially over-investments. Case in point, there's never in the 5 years or so of the DBIR ever been an environmental based attack. Some other areas are hugely underrepresented as well.

What would be interesting to have VRZN et al publish are avenues attacked by miscreants where they failed because there was good enough security (at least compared to where they actually got in).

The comments to this entry are closed.