Verizon DBIR Controversy Highlights Need for Data-Driven Research Transparency

E. Parizo

Summary Bullets:

  • The recent DBIR controversy over a seemingly flawed top 10 list is an opportunity to highlight that data-driven security research is no panacea for breach prevention.
  • Data-driven security research shouldn’t be a drive to develop conclusions; it should be an attempt to foster discussion and collaboration.

The annual release of the Verizon Data Breach Investigations Report is usually widely anticipated and well received for its data-driven insights on which attack techniques led to successful data breaches in the previous year, and what preventative actions enterprises might undertake to avoid future attacks.

This year’s report, however, has been unusually criticized because the authors’ list of the top 10 most exploited vulnerabilities (in successful breaches) seemed flawed to many vulnerability experts.