From Security Weekly WikiJump to navigationJump to search
# Verizon DBIR and reactions
[http://www.verizonenterprise.com/verizon-insights-lab/dbir/ The 2016 Verizon DBIR is out.] As always, there's some good stuff in there, but not much new- it is sadly a Report Card of Fail in many ways- how many times can we hear that folks need to use 2FA, patch their stuff, segment their networks, etc. etc.?
[https://blog.osvdb.org/2015/04/23/a-note-on-the-verizon-dbir-2015-incident-counting-and-vdbs/ Jericho took exception to the vulnerability section of this year's DBIR] and he isn't alone.
[https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/ Jericho followed up after Kenna's response]
[http://blog.erratasec.com/2016/05/freaking-out-over-dbir.html Rob Graham was also unimpressed]