In a recent post, “The Future Belongs To The Quants,” Chris suggests that risk mitigations must be quantifiable. My post “In The Future, Everyone Will Be Audited for 20 Years,” lists what the FTC is requiring for risk mitigation. It seems none of it is quantifiable. Chris?
(Incidentally, I think this iptables shirt may be the single geekiest t-shirt I have ever seen, including the vendor room at probably 10 Defcons. From lilit’s photostream.)