Attackers just need one vulnerability, defenders need to be perfect

This may be the single most repeated truism in information security. Just this week, a colleague invoked this, with the quip that those of us who’ve chosen defense must be pretty dumb, given the challenge of that task, and the possibility of an easier career in offense. There’s just one problem: it’s not actually true, and it’s harmful to reasoning about information security, particularly for non-practitioners.