I've been thinking for a while what might be the kinds of "fundamental laws" of cybersecurity: "attacks only get stronger" (asymmetry) is a good contender but I feel there's more out there... - "risks not internalized is already externalized" (own)
- "security at the expense of usability comes as the expense of security" (AviD, stackexchange) - "Security must be the convex cover [of a desired world]" (self, too abstract for C-suite)
- "Trust cannot be bootstrapped, only grounded in the pre-assumption of trust" (self, still wip)
- "Solutionism has *betrained* itself, if neither math nor market approved it." (self, wip #2)
- "The only undefendable trust boundary is that of adoption." (self, wip #3)
- "Ye world is async, but thy sanity linear(ized)." (self #4, had to...)
- "When, not *if* or *how*." (also self)