Wednesday, June 10, 2009

My Security Information Trust Pyramid

Not log trust, mind you; this is just a structured dump of how I look at security-related information coming from various public sources.

  1. Any writing from someone that I actually know personally (and can vouch for)
  2. Blog of a security engineer (typically minimal bias)
  3. Analyst blogger (their bias is typically spread around)
  4. Security vendor blogger (their bias is clear and can be corrected for)
  5. Security consultant blogger (their bias is opaque, so less trust)
  6. Security journalist blogger
  7. IT journalist blogger
  8. IT journalist
  9. Clown in a neighborhood circus :-)

What are the conclusions one might draw from this?

a. Open bias makes for easier information interpretation than a hidden bias

b. I’d take “biased + knowledgeable” over “fair + ignorant” any day of the week :-)


Dr Anton Chuvakin