No. Not even close. I’ve posted before about the limitations of the surveys, etc., that we’re fed almost daily, but add the rest I’ve included in the title, and you’re still not close to the reality of badly developed and insecure software. Some things you just cannot blog about for various reasons. (Makes some blogs probably less interesting... hmm... yeah... I know.) Not hard to work out what I am talking about: client confidentiality. That’s why any of the above [views "from the trenches"] can be taken with a grain of salt. Sample if you like and if you can, but the figures you arrive at will still be the tip of the iceberg with regard to accuracy. (Note: leaving aside anti-badware vendor surveys and statistics, which will always scare the pants off anyone if taken for real.)
Who’s listening to the guys working it vs. the script kiddie BS in the press?

Unknown unknowns, detection, expertise, tools, gold images, change management and FUD
Hope? http://www.cisecurity.org/securitymetrics.html
Previous threads http://beastorbuddha.com/?s=survey