Jorge Gaona (@pollirrata)
Enterprise Architect @
Client Solutions Architect @
• Protecting data and information from unauthorized access
• Ensuring access to authorized entities
• Trusting your data is what you think it is
Mb + Pb > Ocp + Ocm × Pa × Pc
• Mb is the monetary benefit for the attacker.
• Pb is the psychological benefit for the attacker.
• Ocp is the cost of committing the crime.
• Ocm is the monetary cost of conviction for the attacker.
• Pa is the probability of being apprehended and arrested.
• Pc is the probability of conviction for the attacker.
User Attack Surface
• Amount of code
• Number of inputs
• Number of services
• Number of open
• Is your user stupid? (errors, social engineering, phishing)
• Is your user evil?
Application Attack Surface
Provides developers with a list of requirements for secure
Can software kill us?