The Nine Blind Men and the Elephant

In the world of computer, network and data security there is a tendency towards confirmation bias. Confirmation Bias is the tendency to search out, recall, favor and repeat information that confirms one’s pre-existing beliefs, while rejecting information that questions them.

I have worked for a number of different companies across the landscape of security and while many of them admit that their approach is one of many, most adhere strictly to a confirmation bias that they are the ONLY PROPER WAY to secure your network.

This is similar, but not identical, to the logical fallacy of begging the question. You all hear people say “which begs the question” when what they mean is “which raises the question,” but it doesn’t mean that at all.

“Begging the question” is a form of logical fallacy in which a statement or claim is assumed to be true without evidence other than the statement or claim itself.

Similar, but not identical.

Confirmation Bias does look for other data, but only data that supports the hypothesis in question. For our context, this would be a company that assures us that their ‘secret sauce’ is, in fact, the best, if not the only, way to secure things.

Truth be told, system insecurity is a rapidly moving and expanding target, and such an assumption is unprovable. But some technologies do work better than others, usually for a limited span of history.

The lesson? Don’t treat your technology as a dogma.


David Perry

Huntington Beach, June 2016

