Shostack + Friends Blog


Other comments on the CSRB Microsoft Report

Cartoon talk bubbles on the report title

Other people have written about the CSRB report, and adding them made my previous post even longer. I wanted to share their perspectives:

In conversation, Tarah Wheeler pointed out that what’s involved in creating “Big Yellow Taxi” is not clear, and it’s not clear if that module is available even to other government agencies. It would also be interesting to know how many rules on the scale of “Big Yellow Taxi” State has developed, and the false positive rates for each. Such information could directly inform conversations about the value of developing rules, and about acceptable false positive rates for rules that trigger “frequently.” (Is it worth doing 10 hour-long investigations to catch one intrusion like this? 100? 1000?)