2. On reflection, an attack generally is made up of steps to first subvert control flow of a program and then a payload to achieve whatever impact the attacker wants executed... and if I squint I can sort of see these as magnitude and direction.
1. TIL the etymology of the word "vector" comes from "carrier", which makes sense in e.g. physics where it denotes a thing with magnitude and direction. I never thought about how the term works as in "attack vector"; my brain just cached it as "cool way of saying attack".
Pirsig wasn't talking about machines in the sense that readers of this tweet relate to the term, and he wasn't talking about hacking. Yet the attitude he is so wonderfully describing here fits perfectly with security mindset. Sometimes trying hard requires stopping to try.
"What you have to do, if you get caught in this gumption trap of value rigidity, is slow down - you're going to have to slow down anyway whether you want to or not - but slow down deliberately
and before long, as sure as you live, you'll get a little nibble, a little fact asking in a timid way, humble way if you're interested in it. That's the way the world keeps on happening. Be interested in it." - Robert M. Pirsig, Zen and the Art of Motorcycle Maintenance, 1974.
Our conversation with @clintgibler will cover how your organization can adopt scalable security engineering practices and build a culture within engineering teams to improve security posture.
Register here: https://t.co/4Pv2hJ7lRJ
Our new Secure Software Development Learning Paths offer some first steps into this synthesis, focusing on how developers can integrate security principles and concepts into their workflow.
Security is (at least) a two sided coin. It's one thing to be able to attack a web application. It's another to be able to write one with security in mind. To synthesize both though is one of the keys to improvements in security over time.
Have you faced security challenges or breaches in the past that could have been mitigated with more secure coding practices?
Our new Secure Software Development Learning Paths arm developers with the knowledge to integrate security into their software's DNA: