Brian in Pittsburgh

Remember that the swiss cheese model of safety/security failure doesn't apply well to cybersecurity. At least in terms of its current general state.

Things are much, much worse in cybersecurity.

In the swiss cheese model, defense-in-depth exists to some degree. But there are just too many holes in each layer, too few layers, or some combination of both for protection to be robust enough to avoid catastrophe with extremely high reliability.

Meanwhile, in typical failures of cybersecurity in its current general state you might say, with little exaggeration, that there are more holes than cheese.

Apr 2, 2025 at 3:05pmWeb
Show threadDavid Chisnall (*Now with 50% more sarcasm!*)Apr 3, 2025
@arekfurt It’s not that defence in depth doesn’t work, it’s that people often end up building defence in breadth: the extra defence isn’t behind the existing one in case it fails, it’s adjacent and provides an alternative attack surface. Now, instead of at least one having to be safe from an attacker for you to be secure, every layer has to be secure and adding the new ones strictly weakens security because now some attacks are possible because they need only the new bits of attack surface that you added.