John U
@jdu2600.bsky.social
He/him. Security Research Engineer @ Prelude Research.
October 30, 2025 at 1:01 AM
July 31, 2025 at 11:00 AM
MITRE is simply a technique taxonomy - it doesn't have a risk overlay.
Too often the industry overfits on 100% coverage rather than cost-effective risk-informed defenses.
It's okay to assess a technique as low risk and to not have specific coverage.
MITRE's biases don't need to be your biases.
Too often the industry overfits on 100% coverage rather than cost-effective risk-informed defenses.
It's okay to assess a technique as low risk and to not have specific coverage.
MITRE's biases don't need to be your biases.
February 6, 2025 at 2:24 AM
MITRE is simply a technique taxonomy - it doesn't have a risk overlay.
Too often the industry overfits on 100% coverage rather than cost-effective risk-informed defenses.
It's okay to assess a technique as low risk and to not have specific coverage.
MITRE's biases don't need to be your biases.
Too often the industry overfits on 100% coverage rather than cost-effective risk-informed defenses.
It's okay to assess a technique as low risk and to not have specific coverage.
MITRE's biases don't need to be your biases.
January 25, 2025 at 9:01 AM