SecurityMetrics.org mailing list thread caused by Donn Parker’s article and my blog posts. I’ve discussed the risk equation both in this blog and in my books. In practical applications, both are worthless; the terms are helpful, but implementation fails. Marcus Ranum says we are “spending rocket science dollars but getting faith healer results.” He quoted a 2005 document by Peter Kuper analyzing the security vendor scene. Kuper claims that the 700 companies estimated to exist in 2005 will compete for $16 billion in revenues in 2008.
Source: https://taosecurity.blogspot.com/2006/06/notes-from-techno-security-2006-today.html

