On Thu, Apr 25, 2019, 3:06 AM William Herrin <b...@herrin.us> wrote: > Risk is threat times vulnerability times impact. No impact, no risk. For > example, if the credentials for my grocery store loyalty card are > compromised, I do not actually care. It has no impact. >
A fun fact: my employer has a product which basically does brute force protection for web forms. One of, if not the, biggest customers for that product is a grocery store chain, and exactly with their loyalty card portal. Sometimes, the impact or the absence thereof is a matter of perception. -- Töma >