How Sutton’s Law Applies to Cybersecurity Today

In my previous article, I raised a red flag about the diminishing practical returns of “mom and pop” threat research as a proxy for mitigating vulnerabilities and bad consequences. Threat assessment is often both difficult and incomplete, and sometimes best left to those who have timely access to the best possible data (and the even then, left to those with the military and intelligence means to act on it).

In that piece, I also begged an obvious question.

If chasing threats are not the best allocation of an organization’s…

Article Link: